All right—we're finally ready to dig into the app and create our first profile! Let's start with the Recruiter profile.
1. From Setup, enter Profiles in the Quick Find box, then select Profiles.
Standard Profiles
Here you should see the list of standard profiles that we talked about earlier. After we create our custom profiles, they'll also show up in this list.
First, we can quickly tell which profiles we can play with by looking at the Custom column—if it's checked, that means it's a custom profile and we can edit anything about it. If that column is not checked, we can still click the Edit link; we just can't modify any of the permission settings. (What does that leave for us to edit on a standard profile? Well, we can choose which tabs should appear at the top of a user's page, and we can also select the apps that are available in the Force.com app menu in the top-right corner of the page.)
2. Create a new profile named Recruiter based on the Standard User profile.
There are actually two ways of doing this—we can either click New Profile, select an existing profile to clone, name it, and click Save, or we can simply click Clone in the detail page of the profile that we want to copy, name it, and click Save. Ultimately, it's the same number of clicks, so choose the method you like best. Standard User is the profile that most closely resembles what we want our new Recruiter profile to look like, so it's a good starting point.
3. In the new Recruiter profile's detail page, click Edit.
The Recruiter edit page should look and function exactly like the Standard User profile edit page except with one important difference: you have the ability to modify any of the permission settings.
4. In the Custom App Settings area, make the Recruiting app visible to users assigned to the Recruiter profile, as shown in the following screenshot.
Profile Custom App Settings Area
Tip: You can also give this profile access to any of the other available apps as well. Every profile needs to have at least one visible app.
When an app is visible, a user can select it from the Force.com app menu at the top-right corner of the page. Be aware, however, that even if an app is visible, the app's tabs won't show up unless a profile has permissions to view the tabs and permission to view the associated object. (We'll set both of those permissions lower down in the Profile edit page.)
5. Select Default next to the Recruiting app.
Making this selection means that the Recruiting app will be displayed when a user logs in. You'll notice that when you select an app as the default, its Visible checkbox is automatically selected, because it doesn't make sense for an app to be the default if it's not visible to the user.
6. In the Object Settings area, select Default On for the Candidates, Employment Websites, Job Applications, and Positions tabs.
Tip: You can choose whether you want other tabs to be displayed based on the additional apps that you made visible in the last step.
For the purposes of our Recruiting app, all of our custom recruiting tabs are on by default. For any other tabs that you select, you can choose which should be displayed on top of the user's page (Default On), hidden from the user's page but available when he or she clicks the All Tabs tab on the far right (Default Off), or completely hidden from the user (Tab Hidden).
Realize that even if you completely hide a tab, users can still see the records that would have appeared in that tab in search results and in related lists. (To prevent a user from accessing data, we have to set the proper restrictions in the Standard and Custom Object Permissions areas lower down in the Profile edit page—we'll get there shortly!)
The Overwrite users' personal tab customizations setting appears if you have an organization that's currently in use and you want to make sure your existing users are viewing the tabs that you've selected. You don't need to select this for our app because we're defining a brand-new profile and no one has personalized his or her tab visibility settings yet. However, if you do want to select this option at some point in the future, just make sure you're not going to annoy your users by deleting all of their customizations!
Profile Tab Settings Area
Just below the Tab Settings area, the Administrative and General User Permissions areas of the profile allow you to grant special access to features and functionality that don't map directly to particular objects.
None of these permissions affects our Recruiting app, but you can learn more about them in the Salesforce Help.
It's time to move on to the object-level permissions.
7. In the Custom Object Permissions area, specify the object-level permissions for our Recruiter profile according to the following table.
Table 26: Summary of Required Permissions: Recruiter
Modify All View All
Delete Edit
Create Read
Candidate Employment Website Job Application Job Posting Position Review
Tip: Depending on the apps that you made visible previously, you can also set additional object
Since there are no instances when a recruiter should be allowed to delete positions, candidates, job applications, and reviews, we should make sure that the object-level permissions for deletion are turned off for these objects. Also, make sure the “View All” permission is only selected for Employment Websites, Positions, and Job Postings, and the “Modify All” permission is only selected for Job Postings and Employment Websites. These are special kinds of object permissions that we'll discuss later in this chapter.
By restricting the power to delete recruiting-related objects here, recruiters will never be able to delete these objects. However, the fact that we're granting recruiters permission to create, read, or edit our recruiting objects does not necessarily mean that recruiters will be allowed to read or edit every recruiting object record. Why?
Here we see the result of two really important concepts in the platform:
• The permissions on a record are always evaluated according to a combination of object-, field-, and record-level permissions.
• When object- versus record-level permissions conflict, the most restrictive settings win.
What this means is that even though we are granting this profile create, read, and edit permissions on the recruiting objects, if the record-level permissions for an individual recruiting record prove to be more restrictive, those will be the rules that will define what a recruiter can access.
For example, our new profile gives a recruiter permission to create, edit, and view reviews. However, if we set organization-wide defaults for reviews to Private (a record-level permission), our recruiter will be allowed to edit and view only his own reviews, and not the reviews owned by other users. We'll learn more about record-level permissions later and go through more examples of how they work with the object-level ones, but for now, just understand that object-level permissions are only one piece of the puzzle.
8. Click Save to create your profile and return to the profile detail page.
Congratulations! We're done with our first profile. As you can see, it really wasn't that hard, because we'd already analyzed our required permissions and knew what objects recruiters will need access to. In the next section, let's quickly finish up our other two profiles and then move on to field-level security.
Beyond the Basics
Did you know that you can use an improved user interface to manage profiles?
Say you manage a lot of profiles and you'd like a more a streamlined experience. With the enhanced profile user interface, you can easily navigate, search, and modify profile settings.
To find out more, see “Enhanced Profile User Interface Overview” in the Salesforce Help.