AdvoLogix is built with security as the foundation for the entire service. It includes both protection for your data and applications and the ability to implement your own security scheme to reflect the structure and needs of your organization.
The security features of AdvoLogix provide both strength and flexibility. However, protecting your data is a joint responsibility between you and AdvoLogix. These features enable you to empower your users to do their jobs efficiently, while also limiting exposure of data to the users that need to act upon it. You should implement the security controls that you think are appropriate for the sensitivity of your data. Your data is protected from unauthorized access from outside your company, and you should also safeguard it from inappropriate usage by your users.
For additional details, see the Security chapter.
If you have a requirement to set up record security and access to objects for different groups of users, under Sharing Settings, you can change the default “Full Access” permissions Role and add Sharing Rules based on your requirements. To implement a security model you will also need to configure settings for Profiles and Roles.
You can view and edit your sharing settings by clicking Setup | Administration Setup | Security Controls | Sharing Settings.
On the Sharing Settings page, you can either view all lists at once, or you can use the Manage sharing settings for drop-down list at the top of the page to view only organization-wide defaults and sharing rules for a selected object.
Organization-wide defaults specify the default level of access to records and can be set separately for activities, contacts, matters, calendars, price books, and custom objects. For most objects, organization-wide defaults can be set to Private, Public Read Only, or Public Read/Write.
Click Edit in the Organization Wide Defaults area to change the Default Access of Objects.
Click Save after setting the access permission.
Setting Field-level Security
Using field-level security, administrators can restrict users’ access and control whether a user can see, edit, and delete the value for a particular field on an object.
Unlike page layouts, which only control the visibility of fields on detail and edit pages, field-level security controls the visibility of fields in any part of the app, including related lists, list views, reports, and search results.
* For example, if a field is required in the page layout and read only in the field-level security settings, the field-level security overrides the page layout and the field will be read only for the user.
Setting Access for Fields on a Single Profile
1. Select Your Name | Setup | Administration Setup | Manage Users | Profiles.
2. Select a profile to change the field access.
Field permissions specify the access level for each field in an object.
3. Depending on which interface you're using, do one of the following:
Permission sets or enhanced profile user interface—In the Find Settings... box, enter the name of the object you want and select it from the list. Click Edit, then scroll to the Field Permissions section.
Original profile user interface—In the Field-Level Security section, click View next to the object you want to modify, and then click Edit.
Setting Password Policies
There are several settings you can configure to ensure that your users' passwords are strong and secure.
Click Your Name | Setup | Administration Setup | Security Controls | Password Policies.
Customize the following password settings.
· Password policies—set various password and login policies, such as specifying an amount of time before all users' passwords expire, the level of complexity required for passwords, and so on.
· User password expiration—expire the passwords for all the users in your organization (except for users with “Password Never Expires” permission).
· User password resets—reset the password for specified users.
· Login attempts and lockout periods—if a user is locked out of Salesforce due to too many failed login attempts, you can unlock them.
Setting Session Security
You can modify session security settings to control the session timeout warning and to prevent "IP shifting" for users that are logged in.
1. Click Your Name | Setup | Administration Setup | Security Controls | Session Settings.
2. Customize the session security settings.
Timeout value: the length of time after which the system prompts users who have been inactive to log out or continue working. Select a value between 30 minutes and 8 hours. Choose a shorter timeout period if your organization has sensitive information and you want to enforce stricter security.
Disable session timeout warning popup: determines whether the system prompts users with a timeout warning message after any length of inactivity. Select this option to provide extra security.
Lock sessions to the IP address from which they originated: determines whether user sessions are locked to the IP address from which the user logged in, helping to prevent unauthorized persons from hijacking a valid session. Selecting this checkbox prevents you from registering any Force.com AppExchange packages.
Require secure connections (https): determines whether logins and all access to Salesforce are required to use HTTPS. This checkbox is enabled by default, but it can be disabled to allow HTTP connections too. You should require HTTPS connections for enhanced security.
Force Re-login After Login-As-User: determines whether an administrator who is logged in as another user is returned to their previous session after logging out as the secondary user. If this checkbox is checked, an administrator must log in again to continue using Salesforce after logging out as the user; otherwise, the administrator is returned to their original session after logging out as the user.
Enable caching and password autocomplete on login page: determines whether users' browsers can store usernames and passwords and, after an initial login, automatically enter this information on the login page. By default, caching and autocomplete are enabled.
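As an added example (not AdvoLogix or Salesforce code), the session settings above can be checked offline against a baseline once the org's security settings have been retrieved as metadata XML. The element names, the sample file and the baseline values, including the 120-minute timeout threshold, are assumptions to verify against your own retrieved file and policy.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}

# Constructed sample, not taken from a real org. Element names are assumed to
# match the Metadata API SecuritySettings type; check them against your file.
SAMPLE_SETTINGS = """
<SecuritySettings xmlns="http://soap.sforce.com/2006/04/metadata">
  <sessionSettings>
    <sessionTimeout>EightHours</sessionTimeout>
    <disableTimeoutWarning>false</disableTimeoutWarning>
    <lockSessionsToIp>false</lockSessionsToIp>
    <forceRelogin>true</forceRelogin>
    <enableCacheAndAutocomplete>true</enableCacheAndAutocomplete>
  </sessionSettings>
</SecuritySettings>
"""

# The range offered on the Session Settings page: 30 minutes to 8 hours.
TIMEOUT_MINUTES = {"ThirtyMinutes": 30, "SixtyMinutes": 60, "TwoHours": 120,
                   "FourHours": 240, "EightHours": 480}

# Assumed baseline (adjust to your own policy): element -> required value.
# Note: locking sessions to IP blocks registering AppExchange packages.
REQUIRED_FLAGS = {
    "disableTimeoutWarning": "true",
    "lockSessionsToIp": "true",
    "forceRelogin": "true",
    "enableCacheAndAutocomplete": "false",
}
MAX_TIMEOUT_MINUTES = 120  # assumed threshold, not a vendor recommendation


def audit_session_settings(xml_text, max_timeout=MAX_TIMEOUT_MINUTES):
    """Return a sorted list of (element, found, expected) deviations."""
    session = ET.fromstring(xml_text).find("md:sessionSettings", NS)
    if session is None:
        return [("sessionSettings", "missing", "present")]
    findings = []
    for name, expected in REQUIRED_FLAGS.items():
        # A missing element is reported rather than assumed safe.
        found = session.findtext(f"md:{name}", "missing", NS).strip().lower()
        if found != expected:
            findings.append((name, found, expected))
    raw = session.findtext("md:sessionTimeout", "missing", NS).strip()
    minutes = TIMEOUT_MINUTES.get(raw)  # unknown values are flagged too
    if minutes is None or minutes > max_timeout:
        findings.append(("sessionTimeout", raw, f"<= {max_timeout} minutes"))
    return sorted(findings)
```

Calling `audit_session_settings(SAMPLE_SETTINGS)` lists every setting that deviates from the assumed baseline; an empty list means the file matches it.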
Package Support Access
Package Support Access allows AppExchange publishers to access an organization that has installed their licensed package, to identify installation problems or perform other support activities without exchanging credentials. As an AppExchange publisher, Package Support Access gives you read-only access to the App Setup area of a subscriber organization, including the pages under the Create, Customize, and Develop sections. Configuration issues commonly occur on initial package installation, particularly when the package requires manual configuration on the part of the subscriber administrator. Setup access is usually enough to troubleshoot configuration issues. The package and its version must be registered on AppExchange for Setup access to work.
For more information visit Force.com