 Hello everyone. I am Sanjay Gupta. I welcome you on Sanjay Gupta Tech School. So as you can see this is day 11 of this Salesforce Learning Bootcamp. So we successfully completed 10 sessions and from today onwards like week 4 is going on and in this week like this is the first day and in this week we are going to discuss about data security and data loader. So today's topics are data security, object and field level security and we will be discussing about profiles permission set and permission set group. So first of all hello to everyone and we'll wait for couple of minutes so that everybody joins and then we'll be starting. So till the time more folks join so let's see few starting slides. So this is about me. I in every session show you the slides so that you know with whom you are interacting who is your trainer. Then these are some virtual learning best practices. So I can see many folks are like going through these best practices and they are doing practices as well. And in telegram group I can see people are discussing doubts so that is very great. So if you still have doubts so just note it down like in today's session whatever we will be discussing so just note it down and in the end of the session you can ask and I hope you are practicing all the sessions. And this week sessions are also connected like today and tomorrow we will be focusing on data security and data security is most important part of Salesforce as an admin as well as as a developer architect business analyst QA. So all all specific role of consultants should know what is data security. So that's why follow both the sessions today as well as tomorrow. And you can see like initially I will be explaining the topic so maybe today we will be covering this topic for 60 70 minutes and then I will do Q&A and if some of your question remains unanswered. So you can see there are three mediums through which you can ask your doubts. So I can see lots of people are asking doubts and YouTube video as a comment. Few are utilizing telegram group and few are interacting through Instagram page. So it depends on you which medium you wanted to use. Right. So please follow the information with other folks as well. So you can see this week and next week like we will be about to complete all the admin related stuff. And after that I will be starting admin project. Right. So please share the word with others as well so that they can also follow. Right. And I just updated the bootcamp timeline. So this week we will be covering data security and data loader and few concepts are remaining with admin. So like next week we will be having sessions for two to three days and I will try to cover those topics as well prior to implementing admin project along with you. Right. So I think you are comfortable with this timeline now. So let's jump to the topic for today and I can see if you comments are there. So I will take these comments. So let me just finish the session and then I will try to answer the questions. So focus on this session carefully because data security is important topic to understand. So data security is very important because you need to control what a user or a group of user can see in the org or app. Right. So I hope you remember whenever we tried to create a field or application or tab. So everywhere we used to decide like which profile can access that particular entity which we were trying to create. Right. So basically that profile is also part of data security. Right. So that will come later in this session. So through profiles permission sets we can control what user can access or not. So this is part of data security model. So first of all we need to understand what data security model is. Right. So here what you can see in the second point. Salesforce provides layered sharing model. Right. So there are total four layers available which says like what you can control in Salesforce with what feature. So you can easily assign different data sets to different group of users and you can control access to your whole org. Any specific object fields and records. Right. So if I take you to the next slide. You will be able to see four layers layers of data access. So in this levels we can see first is organization. Second is objects third is fields and fourth one is records. Right. So when we talk about data security. So we need to focus on organization first organization means your org second is object third is field and fourth is record. Right. So what you can see if if you want to control these things so you can control these things in particular order. So first of all suppose you want to access particular record. You want to see the information that is available in a record. So what do you need to do you need to have access to particular org. If you are not able to log in in particular org so you won't be able to access any record. Right. So first you need to decide whether you are able to access the org or not. If you are able to access the org then you need to decide whether you can access object or not. Right. An object we access with the help of tabs. If you are able to see that object or tab then with the help of fields you will be deciding whether you are able to see the records or not. Right. So these are four levels available in data access. So now you can see if we talk about data security. So security means if there are more than one users available in the org then you need security. Right. Because let me take a simple example. So if if we if we are only user available in the org if you have only one user in the org. So in that case you don't need to hide anything from any other user because you are having only one user in the org. But if you have two users in the org in that case you need to hide certain things from user to user similar to in our homes like in our homes if we have more than one members. So we we use to protect or secure some things from other people or family members. Right. So if you have more than one users in your org then you need security. Right. So that is basically known as data security here. So you can apply security on org level object level field level and record level. Right. Once you have applied the security then second terminology comes that is known as sharing. Right. So if you have secured something now how you will be sharing that thing with other users. Right. So first entity is security and second entity is sharing. So first we'll learn how we can secure and then we'll learn how we can share entities with other users. Right. So after discussion of these four levels let's discuss the first level that is organization. So if you want to control access to particular org so in this first is maintain a list of authorized users. Right. So in day one session I explained to you like how you can create your users. And I told you in Salesforce org in Salesforce developer edition or you can create two users at max because two licenses are available free of cost. And we created both the users. Right. So if you have created two users so it means with those two users you can log in from anywhere through any system. Right. So if you have username and password for those users then only you will be able to access that particular org and that we are trying to do every day as well. Whenever you want to access something in your org so you just type your username and password and you will be able to access the things which are available in your org. If you have credentials of another user then you will be able to access that org as well. Right. So if I take you in the org so here what you can see we have this users option and here you will find all available users. And from this list you need to identify which user is having Salesforce as a license. Right. So those users which are having Salesforce as a license so with those users you will be able to log in. So here in this browser I have logged in as Vikas Gupta. Right. And another user I am having as a test user. So if I take you to incognito window so here I have logged in as my test user. Right. Both are accessing same org but both are different users. One is Sanjay which is system admin and another one is test user which is non-system admin. Right. So these two users I have already created and with one user I am logged in in one browser and with another one I am logged in a different browser. So that second one is incognito window that you can log in. Right. Now so I hope first point is clear like if you have actual user created for you then only you will be able to access that org. Then second we have password policies. So you can set password policies for org level. So what you need to search password policies here and if you click on this option. The form will available and these password policies you can control for whole org. So you can see there are lots of options available. So if you read the label so you will be able to understand and accordingly you can configure your org level password policies. Right. So this is another feature of org level security. Right. Now third one is limit login to certain hours and locations. So here we have IP addresses. So what you need to do you need to search for network access and here you can set the start and end IP address. Right. So basis on that IP address you will be able to log in in that particular network. So if you read this description it says the list below contains IP address ranges from sources that your organization trust. User logging into Salesforce.com with a browser from trusted networks are allowed to access Salesforce.com without having to activate their computers. Right. So if you have created some trusted IP ranges here so you will be able to log in basis on that only. Right. So these are three options which are available for org level security that you need to maintain. So in this first one is really very important that is to have authorized list of users. Right. Because if you have list of authorized user and if you have user credentials available then only you will be able to access that particular org. Okay. So this was the level one. Now if you have access to your org now second level comes that is object level security. So you can see likes in Salesforce all the things we do that is around object or data whatever data we create that is available under particular object. So if you want to access particular data so first of all you need to decide whether you have access to particular object or not. Right. So what you can do you can control object level permissions for both standard and custom objects. Right. You can set permissions for a particular object. You can give permissions to view create, add it and delete any records of that object. So we have total four permissions available here view means you can just view the information of that record create means you can create new records. Add it means you can update existing records and delete means you can delete existing records. So these four permissions for particular object you can control and if you control those permissions so those comes under object level security. Right. So if you are not able to access any object. Right. So you just need to make sure whether you have access to that particular object or not. And how you will be deciding. So that is specified by the last point which says you can control object permissions using either profile and or permission set. Right. So today in today's session you will get to know what is profiles what is permission set because when we used to create any object field tab. And whatever else record type page layout so everything we used to control with the help of profiles. Right. So let me show you that thing in the org. So if I go to object manager and if I open account object and if I go to page layouts and if I click on page layout assignment. So here you will see this option profiles. Right. So now you can easily relate like the through this profile. We basically control what user can access or what user cannot access and object level security is part of that. Right. So if I go to fields and relationship and if I open any field. So on that field also you will be able to control. So here we have this option set field level security. If I click on this. So here also you will see like which profile will be able to like access that particular field or not. So this we also see whenever we create new field. There also we see this security similarly we see it for tab whenever we create record type. So whatever we have created so far we saw like we can control that thing with the help of profile. Right. So here you can see all the objects you can control with the help of profile. Now second is field level security which is the third level of data security. Okay. So if you have access to particular object then you can access that objects record but you need to make sure whether you have access to all the fields or not. If you are not able to see any field on the page layout. There may be chances you are not having permission for that particular field. So that's why whenever we used to create field. So we used to check that check box so that it it will it will be available for all the profiles because that time we were just ignoring that profile thing. But in today's session we will explicitly focus on profile so that you will get to know like after creation of app tab record type field whatever we have created. Later on also you can control those things through profiles and permission sets. Right. So here you can see in field level security we have you can restrict access to certain fields in Salesforce even if user has object level access. So if you have object level access still there may be possibilities you don't have access to particular field. So you can make a field visible to a particular user and can hide that from another user. So in this case your users profile may be different. Right. Or maybe they have different permission sets. Then we can give read or edit permission to a field. So for field we have only two permissions read or edit. Right. For object we have four permissions view, edit, create and delete. But here we have to read or edit. So read means you can just view the data and edit means you can view as well as modify the data. And if we see here so here we have two options visible and read only so this visible means edit. If you select only visible so it means field will be visible as well as you will be able to edit that field. And if you select read only as well it means field will be visible but in form of read only form. So this is the difference between these two terminologies. Right. Now last point says field level security can be controlled using profiles and permission sets. Right. So to understand object level security and field level security we need to focus on profile as well as permission sets. Right. So first I will go through profiles and I will try to control object and fields with the help of profile. And then I will try to explain the use of permission set. And everything I will be doing practically through a demonstration so that you will be able to understand. And I saw in one comment like someone is asking for real life use case. So I already told you we will be doing one end to end project where we will be taking a scenario and basis on that you will be able to understand like how in real time project things work. Right now we are just understanding particular feature and through that project we'll try to correlate everything together so that you will have a complete knowledge of particular end to end project. Right. So in today's session we will just learn how we can control things and how we can open up things. So control means how we can secure and open up means how we can share things with the users. So a profile is a collection of settings and permissions profile settings determine which data the user can see and permissions determine what the user can do with the data. A profile can be assigned to many users. So this is important. Third point is important. A profile can be assigned to many user. So one profile can be assigned to more than one users. But a user can have only one profile at a time. So this is an interview question that you need to remember and fourth point says to create new profile you need to clone existing profiles. Right. So existing profiles will be the base for your new profiles then only you will be able to use them. Okay. And these are the permissions that you can control with the help of profile. So these are different sections. Those are available on profile page. So you can control assigned app and assigned connected apps. So you can see like we created applications and we assigned those applications like which profile user can access or not. If you remember at the time of app creation in the last step we selected system administrator. Right. So this way we need to decide like which profile can access which particular application. And we have object settings app permissions apex class and visual force page access external data source access name credential access flow access custom permission and custom metadata type custom setting definition system permission. So these are different sections. And in this session I will try to focus on object and field first and then I will show you like how you can control other things as well. Okay. So what we can do. So before moving forward, let me show you how you can search about profiles. So first of all, you will be searching profile in the setup. And I'm clicking on profile option. And here you can see all available profiles. Right. So this is available list of profile. And at the bottom you can see we have total 38 profiles created in this org. And right now I can see one to 25. So if I click on this button next, so I will be able to see remaining 26 to 38. Right. So these all are profiles which are already available in this org and few profiles are marked as custom. If you see this custom checkbox is checked. Here you can see these three profiles are custom. Right. So you can write it by Salesforce. Still you can just delete and you can clone and all the standard profiles, those are available. You won't be able to delete them. You can just clone them. Okay. So these are the profiles. Now here you can see we have alphabets. So basis on these alphabets, you can just search particular profile. So if I click on S, so I will see the profiles which starts with S alphabet. And generally in real time projects when you will be creating new profiles. So generally we clone standard user profile because it has minimum set of permissions. Right. So I'm just clicking on standard user. And this way you can see all the permissions are listed here. So at top you can see app permissions and at bottom you can see system permissions are available. And in system permissions you can see we have system permission, login hours, login IP ranges, service provider, session settings, password policies and default experience. So these are the permissions that you can control with the help of this profile. So one user must have a profile assigned and that profile will control what that user can access or what that user cannot access. Right. So with the help of profile we can decide what user can access or what user cannot. So this is a view of profile. Sometimes what happens when you log in for the first time, you see different UI of profile. So that is basically known as this. So we have an option like which user interface for profile you want to use. So we have two interfaces. Enhanced profile user interface and one is old one, which is not enhanced. So this one is the enhanced profile user interface. If you search for user management settings. So here you will see this option. Enhanced profile user interface. Right. So in my org it is already enabled, but there may be possibilities in your org. It is by default disabled. So if it is by default disabled. So let me show you how your profile UI will look like. So if I go to standard user again and open it. So you will see different UI for your profile, which is a long page where all the permissions are listed. So you can see here we have standard object layout permissions. Then if I scroll, so I have field level security, then if I scroll, then we have custom app settings. Then we have a tab settings for standard tabs. Then we have record type setting. So in this interface, you need to scroll a lot. So this is not enhanced profile user interface. So it is outdated, but still it is available. So in your org, I think you will see this UI, which is not appropriate and you need to scroll a lot. So what you can do, you can just search for user management settings from here. You can just enable this button, second button from the second section, enhanced profile user interface. Once you enable it and then if you try to search for the profiles. And if you go to standard user, so here you will see this interface. So it is having all the sections on single clip. So if you want to like control object settings, so you just need to click on this button. If you want to control object settings, so you just need to click on this link. And here you can see permissions to access objects and fields and settings that specify which record type, page layout and tabs are visible. So we can control five settings through this object settings. We can control object, we can control fields, we can control record types, page layout and tabs for particular object. So if I click on this, so I will see all available list of objects. So here you can see all the permissions are available. Object permission, total fields, which are accessible, tab settings, page layout setting. So if I click on particular object, so here you will see all the permissions. So at top you can see we have tab settings, which is default on. Then we have record types if in your object you have created lots of record type, so you can control them as well. So right now you can see in this account object we have, we don't have any record type created. So master record type is available, which is having account layout. Okay, and then we have object permissions and then we have field permissions, right? So this way you can see through profile we will be able to control, right? Now I'm going to show you a quick demonstration. So I will show you how we can create new profile and then how we can configure or we can just control the permissions through that profile. Then I will be assigning that profile to particular user. So I already logged in with another user in my different window, so I will show you that thing. So first of all, I'm going to show you the users. So in this browser window I'm logged in with Sanjay Gupta and in another browser window I'm logged in as test user. And here you can see this test user is having profile as standard user. Okay, so if I go here and if I click on accounts, so I can access account records if I go here and click on all accounts. So here I can see total 13 records, right? If I click on particular record, so I can view all the details. I can view if I click on this pencil, I am able to edit and from here I can change and click on save. So I'm able to view, I'm able to edit. Then if I try to delete this record, so I'm able to delete as well through this button is visible. And if I try to create new accounts, so through this new button I'm able to create new account as well. So I'm creating test account one and clicking on save. So you can see a new record is created. So it means this user is having standard user profile and this user is able to perform all four operations which are supported by an object. Okay, now what I'm going to do, I'm going to create a new profile. So I just clicked on profiles. Now I'm going to S alphabet and before standard user, I can see a clone option is available, right? So I'm just going to click on this clone option so that I can clone standard user because all the standard profiles are uneditable, right? And as per best practice, never modify any existing profile whenever you have a requirement. So just clone existing and then do some changes in that, right? So here I'm creating it named as demo user, right? So I'm creating a new profile named as demo user and I'm cloning standard user profile. And user license is Salesforce. It means this profile can be assigned to a user that user must be having Salesforce as a license. So I'm just clicking on save. So you can see this demo user profile is created. If I again click on profiles, so on this page you will see this. So it is a profile that is created and you can see this checkbox is checked. That's why you can identify it is a custom profile. And anytime if you want to delete, you can delete it as well, right? So I just opened it. Now, if I want to see to whom it is assigned, so here you have this button as well assigned users. So if I click on this button, so through this button, you will be able to identify whether this profile is assigned to any user or not. So here you can see there is no record. It means it is not assigned to any user. Okay. So before assigning it to any user, I will be controlling things through profile. So what I'm going to do, I'm going to open this profile and clicking on object settings. And from here I'm selecting accounts and whatever I'm going to do in this video, I just created one exercise as well for you so that you can follow the steps and you can just make sure whether you are understanding things or not. And wherever you stuck, you can just revise everything from this sessions recording. So here you can see we are on demo user profile and I just opened account object. Now I clicked on added button and from here I am going to control this. So what I'm going to do, I am just revoking edit and delete access. I am just revoking edit and delete access. So this profile, the profile to whatever user you will be assigning this profile, those users won't be able to edit and delete account records, right? They won't be able to edit and delete account records no matter whether those records are created by those users or not because on object they won't be having edit and delete permission. Okay. And from this field permission, I'm going to revoke permission from this industry field. So here you can see we have two options, read access, edit access. So if you just remove edit access, so it means field will be visible but you won't be able to edit. And if you remove this one as well, so field won't be visible, right? So it depends how many checkboxes you check. So I just removed industry field access and I removed edit and delete access from this profile. So basically profile controls, if you have access for particular thing, then you can do that operation in the org with logging in with that particular user to whom you have assigned that profile. If permission is not given, then you won't be able to, right? So in many organizations, like if we take real-time scenario, so in many organizations, different employees, different people are having different access to particular system. So that is basically controlled with the help of profile, right? In Salesforce. And you know we have one profile that is system admin with which we are actually logging every day in our org. So system admin has a spatial privilege that system admin profile has access to everything, right? So in any hotel you see like hotel staff has master key, they can enter to any room. So that is system admin profile for you in Salesforce org, right? And the profile which is assigned to particular user, so whatever permissions are enabled, they can do only those operations in that org. So I'm just clicking on save now. So once I hit save, so you can see a demo user profile on account object can just view, can just read and create records. That user won't be able to add it and delete. And on industry field, you can see there is no permission. So user won't be able to see that field on the page layout. Okay. Now we just configured the profile, but we need to make sure this profile is assigned to that particular user as well. So what I'm going to do, I am having a button here assigned users. So I can just click on it. Then from here I clicked on new user. Sorry. No. I just need to click on add multiple now from here also I cannot. So what I'm going to do, I'm going to search for that user. And from here I clicked on edit. And from here I'm going to modify. So here you can see we have demo user profile. So I'm just clicking on save. Okay. So this user's profile got changed. It is now demo user. Earlier it was standard user. Now if I go to that profile, so I will be able to see that under that profile. So if I open the profile and click on assigned users. So here you can see that user information is available. Right. So this is test user and every data that I created is for testing purpose only. So we just need to go to a different window where I'm already logged in with that test user. And if I refresh the page, so I just need to verify two things. One is object permission and second is field permission. So here I'm on accounts. So I just clicked on accounts tab. Now if I click on this account record, go to details. So here you can see I can view the information, but you will see pencils are not visible. If I go here, so edit and delete buttons are also not available from this list. So it means I won't be able to edit this record. I won't be able to delete this record. Right. So those things are not possible here. Okay. And you can see if I try to search for industry field. So that is also not available on the UI industry field is also not searchable on the UI. If I go to system admin and if I try to open, let's say sales application. If I open the sales application here and go to accounts. If I open any account record, go to details. And if I try to search industry field here, so you can see it is available on the page. Like here in this page layout as well as in the compact layout, but with different like with a test user that industry field is not available. This is because on a profile, we just controlled that access. Right. So this way you can control access to particular object and particular field of that object through profile. So through profile, you can restrict what another users cannot access. And those things you need to do as system admin user. So you need to log in with system admin, then you can create new profiles and you can configure them. And in real time projects, if profiles are already there, then you can just open and edit those profiles and you can just do some changes. Right. So this way, I hope you understood the use of profile in Salesforce. So profile basically decide what you can access or what you cannot. If I go here, still I can see new button and I'm able to create new accounts. So I'm creating test account too. So you can see I can create new account. I can view newly created account because those permissions are still available on the profile. Right. So if I go here and search for the profiles and if I open demo user, so I'm going to open that profile again so that you can verify the permissions. So if I open accounts object, so here you will be seeing like added and delete permissions are not available. Right. So this way it is happening. Read create are available and added and delete are not available. So this way we create new profiles and we configure and assign those profiles to particular user and basis on users profile. It is decided what you can access or what you cannot. If you remove these read and create permissions as well, so you won't be able to see that tab. Right. So if you able to see that tab then nothing will be available under the tab. Right. Because you don't have any permission for that object. And if you don't have any permission on object and you have all the permissions on field that also doesn't make any sense. If you have object permission then only field permissions will be working. Otherwise not. So that's why it is layered layered sharing model layered security model. First you need to have access to or then object then fields and then records. Okay. Yeah. There are two more permissions available here view all and modify all. So these are related to record level security. So tomorrow I will be explaining how we can restrict record access. Right. So when we restrict record access and as like to particular profile. So for example, in your organization you have a few people those regularly work with data upload or export import exporting and irrespective to record access. So you need to have access to all the records. So for that we can enable view all and modify all. So if you have a record security applied like if you don't have access to particular records still you want to see all the records then on profile if you enable view all and modify all. So those users will be able to access all the records even if they don't have access. So it bypass record level security. So I hope this part is pretty much clear. Now we need to understand like if profile restrict something and so I'm taking one example. For example, there are two employees in an organization and both the employees are sharing same profile like demo user. So we have two employees A and B and both the employees are sharing demo user profile. Now they won't be able to add it and delete any account record because both are having same profile. So same permission will be applied to them. Now you want a employee can add it or maybe can delete as well. Employee A can add it and delete account records but employee B won't be. So what you can do first option if you modify this profile and give the access. So it will go it will goes to both the users A and B. So that will be incorrect. So another option what you can do you can create new profile for a employee. So in that profile you can give added and delete access as well and B profile B user will be having this profile but that is incorrect approach. So generally we have less profiles created which will be having common permissions for the users. If you want to share some additional permissions to particular users. So instead of creating new profiles what you can do you can create new permission sets. And if you have heard the news of Salesforce like by year 26 all the permissions will be shifted to permission sets only. So right now till to 26 permissions will be available on profiles as well as permission sets but later on most of the permissions will be shifted to permission sets only. So few permissions will be available on profile. Those you can assign as a common permissions and add on permissions specific permissions you can manage with the help of permission sets. Right so like I took one example we have two employees A and B and both are having this demo user profile. Now a user want added and delete access as well. So how you can do that you just need to create permission set for that. So search for permission set here. You just need to open it and while creating permission set there is no need to clone existing. If you want to you can but here you can see new button is also available. Okay so you can just click on new button and here you can create demo permission set. So I'm creating a demo permission set and naming convention you need to decide basis on the project like in project. It will be decided by the architect like which permission set you want to use what will be the name and from here you can select Salesforce as license. So it will also depend like to whom you will be assigning so accordingly you can select the license and just click on save. Okay so always remember permission set will be adding the permissions you can never revoke permissions through permission set. So let's see a few theoretical points regarding permission sets before configuring. We already created permission set but it is blank so we will be applying some configurations there. So here you can see a permission set is a collection of settings and permissions that give user access to various tools and functions. Permission sets extend user functional access without changing their profile. So whatever they have access through the profile so that will be intact. And beyond that profile if you want to give any additional permissions so that you can do with the help of permission sets. So through permission sets permission can be granted and anytime it can be taken away as well. So you can just assign permission sets and anytime you can revoke that as well. Right so it is a kind of power of attorney. So if you want to give permission for few days few months so you can assign permission set to user and then you can just revoke. Then users can have only one profile but they can have multiple permission sets assigned. So a user can have only one profile assigned but if you want to assign more than one permission sets so that can be done. Right and these are the things that you can control with the help of permission sets. So let's move to the org and here you can see I have already created this demo PS permission set and these are the permissions which are listed here that you can control. So right now we are focusing on object settings. So I'm just clicking on object settings and from here you can see everything for every object there is no access for every object you can see there is no access. Right now this permission set is blank in terms of object access for any object there is no access. Right so now you just need to decide which object permission you want to give. So I'm just opening accounts and from here I'm clicking on edit and I'm going to open up edit and delete permission. Right and create is unchecked because create is already checked in the profile. So now here I just wanted to clarify if on profile this create permission is checked and on permission set if it is unchecked so it doesn't mean it will be revoked. Right so you can say whenever you assign permission set so it always add on the permissions it never revoke any permission. So if anything is unchecked in the permission set so that will be completely ignored if that checkbox is checked in the profile so that permission will remain intact. So uncheck will make no sense in permission set only checked will be identified and those permissions will be add on. Right so you can see lots of checkboxes are unchecked but on profile those checkboxes are checked so those will remain intact whatever permission you give add on they will be applied. So I'm going to give industry permission read and edit access so this will be add on to that user with the help of permission set. So I'm just clicking on save so I created one permission set now to our test user I'm going to assign this permission set. Right so how you can do that either you can go to the user record like the way we assigned profile and we have this button here as well. Manage assignments and from here also you can control. So here you can create assignment. You can select particular user and click on next. And assign and you can specify the expiration duration as well. Right so this this was not available earlier it is new feature that is added. So you can specify the expiration date like for what duration you want to assign this permission set. Right so this way you can control and if you don't want that it will be expired so you can just select first option. And then click on assign. Okay so it is assigned successfully now what you can do you can just open user and here if you open the test user. And if so here you can see profile is assigned if you scroll down so here you can see this permission set is assigned. Right now if you want to assign a permission set from here or you want to remove so delete button is available to remove. And if you want to assign so click on added assignment. And you will be able to see all the available permission sets and you can select and you can add. And save and if you want to remove you can just remove it from here and save it. So this way you can assign permission sets to user. So through permission sets you can assign user to particular permission set or through users you can assign permission sets to particular user. Right so it is assigned so date assigned is available expiration on is not available because we didn't select it will be available forever. And if I go here and refresh the page so I gave added and delete access to particular object and then I gave access to industry field as well. So sometime you will see like if you configured any profile in permission set and if you are testing with your test user so there may be chances it doesn't apply immediately. So that that is because of caching so you need to do multiple refreshes and you need to wait for a few minutes and like after a few minutes that settings will be applied. So here you can see now I'm able to edit I can save it here I will be able to see delete option as well and you can see this industry field is also available here. Okay earlier it was not available so through permission set it is available. Right if we remove this permission set again those permission will be gone. So if I delete so I just removed that permission set from this user and if I come here so you will see the add on permissions will be gone. So you can see we don't have any pencil we don't have any industry field here and if I go here so you can see edit and delete options are also not available. Right so this way I hope you understood the use of profiles and permission sets. Okay so this topic permission set group I will be covering tomorrow because like we understood this topic almost around 55 minutes so now I can see lots of questions are there. So I'm just moving to question and answers first and this topic I will be covering in tomorrow session with record security. Right so I'm just skipping and now I'm going to pick questions from the beginning. So just a request please don't type new questions let me finish the old ones and then we'll take the new question. So first question is in Salesforce everyone want experience people what should fresher do. So there are fresher jobs also available and like this is the beginning of the year so in in the coming months there will be fresher openings as well. So you need to keep on learning Salesforce you need to understand admin development thing then you need to do like cloud certifications cloud knowledge also you need to have. And soon you will see lots of fresher and this is this is like hope. So like if you don't learn new things and there will be jobs so that will be total waste of time. So just prepare and whenever you get any chance so you can you can be like cracking that interview. Next is what if we have a career break how can we apply for jobs. So again prepare do certifications do trailheads like here I'm helping you to prepare for your career and keep on an eye on all job websites LinkedIn and whenever you see any opening so you can just apply. Tushar yes on Excel I am just working so this week is properly aligned next week maybe I will be taking session for two days because of some personal reasons so I will be updating Excel sheet. No worries. It will be up to the mark. Someone asked about apex trigger so I'm just skipping that you can ask it through other mediums. President is asking give some real time scenarios for data security so present I will be giving like I gave some examples here also but real time project related scenario I will be giving when we will be discussing about end to end project right so there you will see that. If you're asking would we would we be discussing license type and what are the different between. Yeah so right now we are focusing on the Salesforce license only right because we are using that only if you want to know about various licenses so for that you need to have enough knowledge of Salesforce first. So this bootcamp I'm starting from the beginning from scratch those who are not having enough knowledge so like in later states when you will be having enough knowledge of clouds as well like sales cloud service cloud then you will get to know. You will be able to understand different license types. So right now you just need to understand Salesforce license and I hope you remember like that Salesforce license is available in company information so through company information you can decide how many licenses you have used or how many are pending. And in today's session I use two users so you also need to create two users one is your system admin that is already available. You need to create one more user and through that user you can just log in into incognito window and then whatever you change through system admin you need to test through your another test user as well. Simi is asking what is the difference between view and read only so view means you can view and read only both are same. Yeah. So somewhere you will see view and somewhere you will see read only so both are same. Suraj is asking role profile out of this what is mandatory to define so profile is mandatory and role is like optional. If you don't populate so that doesn't make any sense. Then add Mary's asking added fields gave you the choice of modified but also updated. Yes modify and update both are same. Added modify update all our synonyms. So you asked view and read only both are same. If you can view so view can have added as well like if you view you are viewing the data read only means you want to be able to modify anything. So in view it may be possible you have added access as well. Once you click on it you will be able to modify the data but if you have read only access it means you can just view you cannot modify. Yes Mary reports and dashboards are managed by users on their own and we can share them as well that I explained in last week's session or where you can go and see like how we can share reports and dashboards. Yes Mary we never modify any standard profile I think you cannot do you need to clone and then you can just configure it as per your requirement because if we modify standard profile. So and if you want to use that standard profile as is so that won't be available. So every time you need to clone standard and then you can just modify that. Our next question is if you have certain profile according to your sales force you should be any more licensed what is the best practice to avoid buying. Yeah so generally we like client will be buying sales force license but if they have any additional functionality available like if you have experience cloud things. So you need to buy a license for that. If you have marketing cloud you need to buy a license for that so it depends what functionality you are using. So initially we need a sales force licenses but other license depend on the requirement. What is the difference between enhanced user interface and user one and in what case we have to toggle this button in user management settings. So this is good question. So in recent times we generally prefer enhanced user interface because it is having all the links on a single page you don't need to scroll a lot and whatever option you want to open you just click and it will be open. So older one you won't be using you will be using the enhanced user interface only. Okay so next is the profile settings was only for account object will be modifying the rest of the object if the yes yes me if you want to modify other objects so I just gave a demo around account. If you want to modify others you can do in the same way. Manan I think difference between read and view all is now clear I already explained how we how can we decide which profile we have to clone so no. So generally we prefer standard user profile but you can just see the licenses as well if you are working for different license so you can clone as per that license also. Standard object can be cloned as you cannot modify them. No, we can modify standard objects on standard object you can create fields. You can create validation rules other things so we cannot clone any object. User license and permission set license should be same to assign permission set to user. Yes, it should be same chin make class like class schedule is available in the Excel sheet so Excel sheet link is available in the description of this video so you can follow that. Amir is asking what about time zone and permission set so basis on time zone like if we go there so I just need to open the permission set so whenever we assign permission set so we have the time zone setting. So this is a new feature I also never use that in my project so I'm just selecting particular user clicking on next if you select it. So here you have different time zone so I think the user which you selected that users time zone you can select and basis on that time zone I think you will be able to so your time zone is selected by default. So the logged in users time zone is selected by default if you want to change it as per the assigned user so you can do that as well. Okay, so next is I have set up user profiles but I am unable to create permission sets so make sure Dharini you are logged in as system admin if you are logged in as system admin user you will be able to create permission sets. Record type will be configured also by permission to extend yes yes marry we can control record type as well. What is let me just check once record type so if you go here and in the object settings so I think we can but let's make sure. No, we cannot control record types from here. I don't see that setting here. Yes, like through this we won't be able to control record type record type I think we can control through profiles only. So you can just open other permissions and if that is available there I don't think that will be available there. So that is not available it means you cannot control record type with the help of this permission set we shall use of flow access on profile so permission to execute flow. If you click here so you can just add it and select particular flow that that flow access will be extended to that particular user if that user is not having access to that particular flow. No and our permission set is different dynamic forms are different. Elias respecting by IP address won't allow user to use VPN so I think no because like if you are in using the assigned IP addresses then only you will be able to log in so I think no. I will confirm this answer as well. So Praveen is asking so required fields can be hidden through profile by given uncheck that field. So if you mark any field required that can be hidden through profile by yeah that you need to do practically I think if field is required so it should be available it should be having access. So what we can do let me go to object manager and here I'm going to mark this actor as required. Let's see what happens in the profile. So I just selected the required checkbox and I'm clicking on save. Now if I go to profile so I'm going to open demo user profile and let's see what I can do here. So I'm going to object settings opening accounts and here. So if your field is required and if you remove the access then that you need to take care. So let's see what happens here. I'm searching for active yeah you can see it is disabled. So if field if you are marking field is required so you won't be able to control it through profile. So it is controlled automatically. So it was good question and it may be asked in interview. I also tested it for the first time. So next is we have only two licenses of Salesforce in a log but I see you have more than two. No I have also two. So if you go to company information then from here you can just verify. So if you go here so in user license you can see Salesforce I have only two licenses. The other users are of different license. If you open those users like I have total five users, two are Salesforce license user and three are other license users. You will also be having five if you create two. Three are available by default by the Salesforce. Prene limit I think you just need to go through the Salesforce document. So I will be searching and will be placing that in our FAQ. Salesforce have only two license and can we do unlimited clone user of Salesforce profile. Yeah, so they may be limit like you can create limited number of profiles. What is the difference between modify all and add it. So modify all basically we enable when we have a record security applied. If you have record security applied and if you enable modify all. So the records which you are not able to access still you will be able to modify them. Okay, so I can see there are lots of questions. What is the difference here that I explained how many profile we can assign to a single user one. When you create up to 10 users as multiple users it is mandatory to use role per user no. Only one profile at a time we can assign to a particular user. Okay, if we have to use a U1 and U2 and both have same profile and want to restrict you to form added particular field what should our approach. So just remove that added access from the profile and create a permission set and then you can assign that permission set whoever you want to give added permission. Sir, is there any hope to get good jobs and good companies for women with 30 then with long gap up to the non-technical teaching profile? Yes, so for that like Salesforce is running career gap program. So you need to explore Salesforce programs as well. So through that if you apply so there may be possibilities. So it is asking we can make only two users of Salesforce standard profile then can we do unlimited clone user of Salesforce profile? Yes, that can be done. Cloning you can done any number of time but there should be a limit. I will just check it, but it is not to you can create more than two. Okay, referring to exercise when designing a record page can be reuse standard component if we already use. Yes, you can because it was not available. Okay, so for one page you can use that standard component once. If it is like flow or any other like reports where you have multiple entities then you can reuse otherwise not. Registry like it depends on the market so you can just explore LinkedIn or other job porters and if you know admin and development both then there will be high chances to get a job. Sumit, I think I already answered to your question. What is the use of system permission for profile? What all is available there? So if you go to system permission, so if I open profile. So there are lots of permissions available under system permission. So if I open it and go to system permissions, so there are different different permissions those are available. So sometimes if you want to enable some functionality, so like if you want to give run report permission, so this should be enabled. If you want to give schedule report permission, right? So lots of permissions subscribe to dashboard. So these are different permissions. So you just need to explore and according to the requirement you can just enable these permissions. So lots of permissions are there. Manisha is asking if we already have clone profile given to user then no need to create permission set we can modify. Yes, but if you have assigned that profile to more than one users and if you want to give that permission to particular user in that case you won't be modifying the profile. Instead you will be just creating a permission set. Yes, our profile depends on license type. Record types are through profile and sharing model. So record type you can control with the help of profile. What is the difference between a system admin profile and a standard user profile? So system admin profile has more permissions. They have all the access, but standard user profile has limited access. So what you can do just open both the profiles in two different tabs and you can compare their permissions. Pranay, I will search a document for limits for profile information set and then we'll share with you. Next Rohan is asking can we assign only one profile to one user? Here in example you have assigned two users to same profile. Yes, so we can assign one profile to one user like one user can have one profile, but that one profile can be assigned to multiple users. So one user can have one profile. You cannot assign five profile to one user, but one profile can be assigned to more than one users. If the user is trying to get from another IP address then how we get access to any other verification method? If we have IP address range set then you won't be able to access. So better to set these access log in access on profile level instead org so that that particular profile user will be affected, not whole org will be affected. Sumit, today I explained profile, tomorrow I will be explaining role, then you will be able to understand the difference between role and profile. Yes, Vishal, your question is you don't have access to create edit delete account access, but you have all the field edit permissions. So then also you won't be able to do anything because if you don't give object permission then field permission doesn't matter. So if you have object access then only you will be able to utilize the field permissions. Why I am unable to log in every user, I can log in only one user. So just check whether you have created new user or not. If you create new user so you will be receiving an email for verification. You need to set the password then through that username and password in incognito window you can open. Make sure you log in incognito window. If you log in the same browser, so in one browser you can just log in with one user at a time. Vishal, will I be able to edit the fields? Although edit object is not given, no. If edit object is not given you won't be able to edit. Even if you have added access to the fields, we saw it. Like all the fields were having added permission. When I removed edit access I was not able to edit the fields. How can we determine what profile has access to a specific object? So you just need to open particular object and then only you can see. So go to profile, open object settings then see particular profile and particular object then only you can identify. Is it possible to log in as every user? Yes, you can, but in different browser window. So if you have four users, so you can open different browsers like you can open Firefox, other browsers you can use in place of Google Chrome. So one you can open in Google Chrome, one in incognito window, one in Firefox. So this way you can open with different users in the same system. Can we assign a profile to a particular group? No. Could you show again how to access as admin and demo user? Your skin was so fast. Can you show again how to access as admin and demo user? Okay, so like in one window you can just use login.salesforce.com where you can just type a username and password for admin. And if you want to log in with another user, so from here like through three dots, you can just open new incognito window. And there you can type login.salesforce.com and your test users, your second user's username and password. So you will be able to log in. Did you create this? Yeah, in my org test user was already created. And if in your org it is not created, you can. So if you want to learn like how you can create user, so if you can go to studysalesforce.com and under administrator lightning experience, you will find how to manage users. So here you can see, you can search users. So here you can see how to create new user in Salesforce lighting experience. So with this video, you can just set up your users. Next is can we give permission set to different profile? Can we give permission set to different? No, permission set and profile both are assigned to users. You cannot assign permission set to profile. You assign permission set to users, right? So profile is assigned to user and permission set is assigned to user. Okay. So I think I try to answer each and every question. So if there is another question, so you can just ask. Can we set permission and profile based on pick list? No. How to set different dashboard to the different profile homepage? I don't think so. I think what you can do, you can create different home pages and those home pages you can assign to different profiles. Instead of dashboard. So on that homepage, like if you have five dashboards and you have five users. So you can create five home pages on those five home pages. You can have different, different dashboards and those five home pages you can assign to different profiles. This way you can do. I hope this makes sense. Okay. So I think things are clear. So those who are still online. So what you can see, I'm just showing you the document where I listed all the questions for day 11. So whatever I demonstrated, it is available here except permission set group, everything I explained. So till step number nine, just try and practice and 10 and 11. I will be demoing tomorrow and tomorrow's exercise. I will be mentioning here in this document. I think this way, like you are able to have a schedule in your Salesforce journey and like weekly basis, you are learning new things. And through these exercises, first I demo things and then you try them in your org. So I think through this approach, you are able to understand the things well. And this approach, I will be applying throughout the bootcamp. So this approach will go with flow builder and development related stuff as well. Okay. And this FAQ is not updated. So last session chat is available. So I will be updating that. And today's session chat responses. I will also record. Okay. And I like I need one volunteer who can just so that that I will be taking separately. Okay. So is there any more question that you need answers? So yes, Sonaya permission set groups. I didn't explain today. I will be covering them tomorrow. Mary report and dashboards are configured by users. So you just need to go through the recording of last week sessions, then only you will be able to understand. Okay. So I think there are no more questions. So I'm also tired now. So I tried to answer each and every question and it was good session. You asked lots of good questions. It is also improving my knowledge as well. Okay. So do some practice and tomorrow's session will also be interesting because you will be learning new things and have faith. Have hope, prepare well, learn admin development, do some certifications. And after this admin and development bootcamp, I will be giving you a cloud specific boot camps as well like sales service and Omni studio. So I'm preparing those content as well. So like this whole year, you will be getting all the stuff related to Salesforce. So there may be jobs available. So have faith and I'm trying my best and let's hope for the best like you will be having a job soon. So why don't you save and publish live videos? So they are published like once this streaming will be ending. It will be available on YouTube. So I just created a playlist where you can find all the videos. Yes, Mary, like together data security is complicated. But if you do proper practice, it is very simple. Thank you, Manisha. Thank you, Vijay. Thank you, everyone, those who are, thank you, like showing their gratitude to me. Thank you for joining the session. Next question is, is system admin able to log in other user account without their username and password? Yes. So we need to enable login button. So I think in the first session I showed you, you can just search for login access policies and then you can just enable that checkbox. Like system admin can log in with another user. So if you enable that checkbox and if you go to user, user list, you will have that button to log in. So this user 1905, what you can do, just go to the description of this video and you will find the link of the playlist. There all the videos are available, right? And this video description is having this Excel sheet link as well. So in this Excel sheet, you can see all the video links are available. So all the recording links are available with topic, whatever we have covered so far, right? And this week we are going to cover day 11, 12 and 13. And next week I will be taking only two sessions, day 14 and day 15. And after that week I will be covering this admin project. So these dates I will be modifying. So I was working on that. So we'll be updating this, right? So this sheet you can refer. Its link is available in the description. So everything is available and it will be forever. Nothing will be removed from nowhere. So everything will be with you. You can access anything every time. Yeah. So development schedule is also there. Just go through the sheet. All your answer or your questions will be answered. Okay. Thank you everyone. Have a good day. Good evening. Bye.