Salesforce Security Part III

Salesforce will provide faculty and staff with access to important information (e.g., student biographic data, recruiting information, program information) that is necessary to perform their job. However, access is exclusive and controlled; users must request access to view and/or update, get approval from Data Stewards, and then be granted direct permission by the IS Security Team.

This high-level security process ensures that information is kept safe and used only by those who require it to complete specific tasks. So what about prospective users who do not yet have an account?

Here’s how the New User Profile request process works:

1. First, let’s suppose that Jane Doe, a KSU staff member, is planning diversity workshops during the fall semester. She would like access to the University Calendar to add her events, but she does not yet have permission to do so. Therefore, Jane will have to submit a request for either a new user account or, if she already has one, additional permissions.
2. Next, the IS Security Salesforce team will assess whether access is appropriate by reviewing the user’s profile and permissions, if any already exist. If her manager is submitting the request or has approved the request, then IS will check the following, as needed:
  • First, are signed confidentiality forms on file for Jane?
  • Second, is Data Steward approval needed? If necessary, IS will request approval from the appropriate Data Steward(s), who oversee how and by whom data is used. That is, they have the ultimate authority to grant permission, depending on how necessary the information is for the stated need or use.
3. When IS receives all approvals, the Security Team will grant the requested access to the user’s account and then notify her.
4. Jane will then have access to schedule her event.

 

Currently, IS follows this process for our testing and production Salesforce environments. This allows Jane Doe and other KSU users to request appropriate access for their job duties.

While this process includes all the elements, it is currently manual. The IS Security Team is developing standardized and automated processes to fulfill these requests more quickly and efficiently, and to make them reportable.