Salesforce IdeaExchange
- then -
Force.com Platform Comments
| Force.com Platform Ideas
|
Administration & Sharing Comments
| Administration & Sharing Ideas
Distributed Data Administration (Modify All Data) on an Object Level
In many organizations, an administrator needs to give out Modify All Data in order to distribute administration. But in the process, they may inadvertently give out too much access (literally, the keys to the kingdom). What if there was a capability to restrict Modify All Data to a subset of functionality. For instance, you might want to distribute Modify All Data but only to Opportunities or to a custom object like Time Off Requests. That way, a process owner like the Time Off Manager Application Administrator can perform common data administration related tasks like transfer, Edit/Unlock records in an approval process, or edit any records regardless of sharing settings without having to have access to ALL objects.
|
atorman 11/06/08 |
Changed status to Ideas Under Consideration. |
|
EricCH 11/07/08 |
I also have this kind of need. See http://ideas.salesforce.com/article/show/10091373/Ability_to_restrict_to_priv... |
|
joyd 11/07/08 |
Yes, I would like certain users to have Modify All Data on certain objects! |
|
justedel 11/12/08 |
PLEASE! This would be amazing! |
|
erin_moore 11/14/08 |
I see this as an essential need and think it should be tied to implementing permissions sets/ user roles as described in: "Use of "Permission Sets" rather than Profiles" (Also under consideration as of Nov. 14, '08) |
|
SFDC2admin 11/18/08 |
What a great IDEA! |
|
allg 11/19/08 |
This very issues is a major for us. We often utilise the "grant log-in to Sys Admin" to get some key users to help us resolve issues internally. As you can only grant "log-in" rights to either SFDC or Sys Admin users, due to the "modify all data" setting we often risk our systems integrity. |
|
atorman 11/24/08 |
Changed status to Coming in Spring 09. |
|
atorman 11/24/08 |
In addition to a user's ability to Read, Create, Edit, and Delete (all of which are designed to respect sharing settings) we will be releasing two new object level permissions which allow the user to view all records and modify all records on an object basis. This is really designed to allow you, as a system administrator, to distribute some of your authority without having to give all of it. The ideal people to give this permission to are application administrators or user's who own an object or set of objects. It's only data related, so the user still won't be able to make any meta-data changes, but they will be able to manage the data associated with objects that they are responsible for. |
|
JohanLiljegren 11/24/08 |
Sweet! Looking forward to it! |
|
EricCH 12/08/08 |
Merged Idea
originally posted 08/07/08
Ability to restrict to private sharing on a profile basis
We currently use a public read/write setting on all objects for all our users. We now would like to create some new profiles for which we want to use a private sharing model. Currently there is no other way than to set the company wide sharing model to private and then extend to all but the new profiles the read/write access using sharing rules.
Being able to set this restriction on the profile level would really ease the pain and the risk of removing the access to profiles that should be able to see all data. Basically I wish we could restrict the access for specific profiles rather than to restrict all profiles and then extend the rights through sharing rules. |
|
atorman 12/08/08 |
Merged Comment
originally posted 12/01/08
Thanks for your idea!! This looks very similar to http://ideas.salesforce.com/article/show/10093858/Data_Administration_Modify_.... If it's okay, I'd like to merge these two ideas together in a week (12/8/08). Please let me know if you don't think these two ideas should be merged. Thanks!
|
|
EricCH 12/08/08 |
Merged Comment
originally posted 12/02/08
OK you can merge the ideas. Looking forward on the new release...
|
|
fjw 12/29/08 |
If this idea/new feature interests you but doesn't go far enough because of the size of your organization, please review and comment on Modify All Data based on Record Type |
track comments for this idea
Please log in to post a comment
recently promoted by:
- kpearson
- tgag
- Adam.Gerlinger
- MissouriAdmin
- sande
- Stevemo
- CM@affy
- marcbaizman
- jdavis06192008
- Scott_Jorgensen
- bk08ppd
- jason_macdonald
- samduncan
- daringrad
- radliberty
- pierre
- PerGeert
- geobaker
- greenwoodcr
- highweiwei
- angie.reese04222008
- svaswani
- joyd
- Alex_Solar1
- kadpa123
- charlesallen
- maksim
- smith4
- crislin74
- cventadmin
- pablo66
- andrew@asa
- johnwa
- jennyef
- Sunny
- foster
- happygirl
- Francesco23
- allg
- MKPartners.com
- itsdee
- grueser
- columbian
- suzannes
- initsysadmin
- CThompson
- georget
- SFDC2admin
- ltd
- dbmadp
- lindab
- rob_ocp
- jkubi
- remmedical
- cased19
- erin_moore
- kmira
- BarryPlum
- steve_andersen
- claudeg
- deepbluesea
- andreas_krebs
- cpierre
- wgra
- brianw4123
- schef
- Tannic
- justedel
- sjv11
- JohanLiljegren
- crispy
- guinnessisgood
- Smarks
- TimMadigan
- jnugent
- bgrimes
- NetGenIT
- michaellatideas
- dizzysean
- jfxk
- umf97
- nikkig
- mark2008
- studentforce
- erichoward
- AlexCRMmanager
- cken
- bluelane
- njdevilsfan
- EricCH
- atorman
- susana_nts
- Jakester
POST IDEA