Use Permission Sets

<< Click to Display Table of Contents >>

Navigation:  PrintSF Enterprise Edition > Install & Configure > Grant User Permissions >

Use Permission Sets

To grant PrintSF related permissions in Salesforce using Permission Sets, follow the steps below.

 

Go to Setup > Administration Setup > Manage Users > Permission Sets and find the 2 starter Permission Sets installed by the PrintSF App:

 

UsePermSets_ListofStarterPermSets

 

Because Permission Sets installed through Managed Packages can be inconsistent in retaining their original settings, and because you can't edit Permission Sets which are part of a Managed Package, please use our 2 starter Permission Sets to clone and create new Permissions Sets in which you will verify or modify the settings detailed below.  

 

1.If needed, clone the "PrintSF Full Site User" Permission set to a new set named "{Your Company} PrintSF Full Site User", and then verify or modify all the setting listed below for your User Types and use case(s).

2.If needed, clone the "PrintSF 1-to-1 User" Permission Set and name it "{Your Company} PrintSF 1-to-1 User", then verify all settings listed below and modify as needed.

3.If your Sync User will NOT be a SFDC Admin, you may wish to create an all new Permission set to grant the Sync User the 2 permissions of "Run Flows" and "Modify All Data" as detailed below.

 

UsePermSets_ClonePermSet

 

Once you have cloned or created new Permission Sets, verify and/or modify each of the below permission settings as needed for your various User Types.  The table list the most commons User Types of "1-to-1 Only User", "Full Site User" and "Sync User" and recommended permission settings for each User Type.

 

Apps > Assigned Apps

1-to-1 Only User

Full Site User

Sync User

Any SFDC User that needs access to the full PrintSF site will need the PrintSF Custom App (API name printsf.PrintSF) available as an Assigned App.  This results in "PrintSF" being visible in the App drop down pick list. Note this setting does not usually carry over when cloned so you'll likely have to add printsf.PrintSF as an Enabled App manually in each Permission Set.

PermOverview_AssignedApps

Not Needed.

Yes - Needed

Not Needed purely for the Sync process, however if the Sync User  is a real person/User that will also use or access PrintSF, then access to the PrintSF Custom App should be granted.

Apps > Assigned Connected Apps

1-to-1 Only User

Full Site User

Sync User

Next under Assigned Connected Apps add PrintSF Connector as an enabled connected App.  Any user accessing PrintSF within SFDC will need this Connected App enabled. Note this setting does not usually carry over when cloned so you'll likely have to add it manually in each Permission Set.

 

Note - Salesforce System Administrators will have all needed permission to use PrintSF immediately upon install EXCEPT ACCESS TO THIS CONNECTED APP.   You will want to add the PrintSF Connector as an enabled Connected App either directly though the System Administrator User Profile, or by assigning one of your cloned Permission Sets to one or more Salesforce Admin Users.

PermOverview_AssignedConnectedApps

 

 

Yes - Needed

Yes - Needed

No - Not needed purely for the Sync process, however if the Sync User  is a real person/User that will also use or access PrintSF, then the Connected App must be enabled.

Permission Set Overview > Object Settings (Collateral Order & Mailer History)

1-to-1 Only User

Full Site User

Sync User

Object Settings are used to (a) grant read or modify rights to the Collateral Order & Mailer History objects, and (b) to optionally expose the Custom Tabs for these objects.  Even if you don't grant access to the Custom Tabs for Collateral Orders & Mail Histories, you will likely want to liberally grant READ access to these 2 objects to all users that will benefit from seeing the Mailer History against Leads/Contacts/Campaigns, or via Reports.

For your desired Permission Set, click into Object Settings and verify or modify the settings outlined below for your needs.

Do this across BOTH the Collateral Order & Mailer History Objects (both shown below).

When in doubt, be more liberal and just make all the tabs Available & Visible, and grant READ rights on all fields.  All the tabs will be isolated under the PrintSF App and won't clutter up your other Apps or tab sets.

 

UsePermSets_ObjectSettings

 

Collateral Order Tab Settings

Available - False

Visible - False

 

Collateral Order Object Permissions

READ ONLY

 

Collateral Order Field Permissions

Read Access on ALL FIELDS

(Exception:  Some orgs may want to disable Read access to select fields which show cost/pricing info such as "Order Total", "Amount on Account", etc.)

 

******************

 

Mailer History Tab Settings

Available - Yes

Visible - Yes

 

Mailer History Object Permissions

READ ONLY

 

Mailer History Field Permissions

Read Access on ALL FIELDS

 

 

Collateral Order Tab Settings

Available - True

Visible - True

 

Collateral Order Object Permissions

READ ONLY

 

Collateral Order Field Permissions

Read Access on ALL FIELDS

(Exception:  Some orgs may want to disable Read access to select fields which show cost/pricing info such as "Order Total", "Amount on Account", etc.)

 

******************

 

Mailer History Tab Settings

Available - Yes

Visible - Yes

 

Mailer History Object Permissions

READ ONLY

 

Mailer History Field Permissions

Read Access on ALL FIELDS

Collateral Order Tab Settings

Available - True

Visible - True

 

Collateral Order Object Permissions

MODIFY ALL

 

Collateral Order Field Permissions

Edit Access on ALL FIELDS

 

 

 

 

 

 

 

******************

 

Mailer History Tab Settings

Available - Yes

Visible - Yes

 

Mailer History Object Permissions

MODIFY ALL

 

Mailer History Field Permissions

Edit Access on ALL FIELDS

Permission Set Overview > Object Settings (PrintSF Visualforce Tab)

1-to-1 Only User

Full Site User

Sync User

Users that will need access to the broader full PrintSF site will need access to the PrintSF Tab (a Visualforce tab).  This is typically all Users except "1-to-1 Only" Users.  To expose the PrintSF Tab to Users, go to Object Settings > PrintSF and configure the tab as (a) Available and (b) Visible.

UsePermSets_ObjectSettingsPrintSFTab

No - Not Needed

Yes - Needed

No - Not needed purely for the Sync process, however if the Sync User  is a real person/User that will also use or access PrintSF, then the tab should be enabled.

Permission Set Overview  >  Visualforce Page Access

1-to-1 Only User

Full Site User

Sync User

Any User accessing PrintSF from Salesforce will need 2 Visualforce pages enabled.  To do so, go to the Permission Set's Visualforce Page Access settings and add printsf_PrintSF_Landing and printsf_PrintSF_Send as Enabled Visual Force Pages.

UsePermSets_EnableVisualforcePages

 

Yes - Needed

Yes - Needed

No - Not needed purely for the Sync process, however if the Sync User  is a real person/User that will also use or access PrintSF, then the pages should be enabled.

Permission Set Overview > System Permissions

1-to-1 Only User

Full Site User

Sync User

In addition to the above permissions, there are a handful of System Permissions varied User Types will need to fully utilize PrintSF.  Not all User Types need all these System Permissions, but the varied options are detailed below for your consideration.

UsePermSets_SysPerm

 

See below

See below

See below

System Permissions > API Enabled

All Users that will access PrintSF or serve as the Sync User need the System Permission of API Enabled turned on.

UsePermSets_SysPerm_APIEnabled

Yes - Needed

Yes - Needed

Yes - Needed

System Permissions > Export Reports

All Users that will create PrintSF Mail Lists which rely on a Salesforce Report as the mapped data source will need the System Permission of Export Reports turned on.

UsePermSets_SysPerm_ExportReports

No - Not Needed

Yes - Needed

No - Not Needed

System Permissions > Modify All Data

If the Sync User is not a SFDC System Admin, then the System Permission of Modify All Data will be needed so the sync process can update Mailer History records which are related to Leads & Contacts owned by all Users, and so the Sync User can trigger future Process Builder Flows and Workflow Rules you implement which may update various objects (ex:  Add a Task, Update Campaign Member Status, Add Campaign Member), irrespective of record ownership.

UsePermSets_SysPerm_ModifyAllDate

No - Not Needed

No - Not Needed

Yes - Needed

System Permissions > Run Flows

If the Sync User is not a SFDC System Admin, then the System Permission of Run Flows will be needed so the sync process can and Sync User can trigger future Process Builder Flows and Workflow Rules you implement which may update various objects (ex:  Update Leads & Contacts, Add a Task, Update Campaign Member Status, Add Campaign Member, etc), irrespective of record ownership.

UsePermSets_SysPerm_RunFlows

No - Not Needed

No - Not Needed

Yes - Needed