When I am on the permission set page, the 'New User' and 'Add Multiple Users' button is for adding physically new users...I want to add users to the permission set.   In otherwords, I don't want to navigate to 500 different users adding a permission set one at a time.

I thought maybe I could do it through the meta-data in Eclipse, but alas only the permission set is present, not what users the permission set is tied to...

I'm enjoying getting into Salesforce but I am running into issues where finding answers to questions both on-line and in books are not very detail oriented, specifically starting with change and configuration management:

I've got Eclipse hooked up and have discovered how to get the meta-data as well as deploy changes to another system.   When in Eclipse doing the deploy red appears to be things that are dropped, gray are things that have not changed, and yellow things that have changed, is this a correct statement?

More importantly though, and keeping in mind that I'm not very familiar with Eclipse, is there a command line tool that I'd be able to synchronize meta-data between systems?   The idea being that builds can be automated without requiring a 'build user' to have a copy of Eclipse and manually run through the Wizard to do a deployment.

My second question revolves around 'right tool for the job':  I've determined that you can create new objects, views, and just about anything by updating the meta data, but the tools are not very rich in features so you kind of have to know what you are changing and perhaps it is better to make the changes in directly on the web site and then pull them into Eclipse for deployments to other environments?

My third question is about security.   The security model of Salesforce is interesting in  the fact that it is only additive and any new profiles must be built from an existing profile - you can't build one from scratch.   It seems you can easily back yourself into a corner if you use the wrong profile to start off with.   To me, it almost seems easier to have a basic profile and then use permission sets to add required permissions to users similiar to add groups to a user in Active Directory, however what is have been the experiences of the group?

Thanks!

Hi Everyone - 

We are working on implementing Salesforce.com and seem to have run into a possible limitation with security....not sure if we are missing something simple here, or if anyone else has run into something similar.

We have Accounts that are associated to different Markets (that span the country) and Regions of the country.  Our selling model is two-dimensional in that we have Sales Reps that cover specific Markets and Sales Reps that cover specific geographies.  

Essentially....it creates a matrix.

For example, 

We have a Rep that covers Market A for the entire US and a rep that covers all of the Markets in the West.  Both reps need to have Full Read/Write access to the accounts for Market A in the West -- including all related data.  There is a possibility that we may need to share the records with other reps, as well.

For the most part, we will cover this using Territory Management and Sharing rules.  We are using record types (based on Market) and page layouts (1-to-1 for each Market), and each record has a picklist for the Market and assigned region.

The problem that we are running into is that we would like the ability to expose a few fields for all of the Accounts in our org to every user, and the Territory management would give access to all of the fields to the rep for the Market and the rep for the Region.  

Does anyone have any ideas on how we may expose just a few fields from Accounts to everyone without limiting their future ability to see all of the information if a record is shared?

Thanks!