Ask Search:
Mario DMario D 
Our sales org is organized with sales people and one support personnel for each sales rep.
Sales reps are owners of the accounts and they cannot see each-other's accounts.
The sales support people are assigned to the accounts through a custom filed.
Is there any way to limit the visibility to the accounts for the support people same as well?
Best Answer chosen by Mario D
Benjamin DoolanBenjamin Doolan
I'm new so please forgive me if this is a stupid question (or answer for that matter)...
Is the custom field that is used part of a criteria based sharing rule? Are you having more than 1 support person assigned to the same account and want to limit their visibility to only accounts for the sales person that they support?

Have you tried account teams? Since it is a 1:1 sales-to-support ratio and the type of access could be controlled for the support personnel as well as limit them to accessing only accounts they are on. Downside to this is I think the sales person would have to manually add the team to each account.

I also think a more automated method might be to put each support & sales personnel into "groups" and then construct a sharing rule for each group based on the owner of the account record (which would be the group). Then assign that sharing rule to each respective support person.

Hope that helps and if someone comes along and sees errors above please help me learn!
Kamalakannan SomasundaramKamalakannan Somasundaram 
I've created an object and for that i've created a record type as well ... 

What is the use for the record type and where we using it?

(i'm a begginer so have lot of questions in my mind.)

Best Answer chosen by Kamalakannan Somasundaram
Sindoora gSindoora g
Record Types are used to create different business processes.

for example : if you are working on an application that manages two business process like you want to manage accounts for two commodities A and B .

You want certain fields and picklist values on Commodity A page and different ones on Commodity B page.

You create 2 record types for  Commodity A and B for different picklist to appear on these pages and 2 pagelayouts to control the fields on A and B commodities.

you will assign record type to Page layout i.e for record type A what pagelayout should be displayed,same for B.

Now when you click on Account Tab ,you will have the option to select record type A or B .

You can also control Users who have access to record type A or B or Both in profiles.

Hope you got some idea.
Devon HowardDevon Howard 
I have several questions about the implications of using permission sets. I have consulted all of the help materials on this topic that are available through the Salesforce Help & Training portal. My hope is that rather than responding to these questions with SF link to knowledge articles, documentation, etc. (unless the link really does answer the questions), I will get specific answers to my questions.

Currently, we do not leverage the role hierarchy structure. We use only a few objects and set the OWD for those objects to private.  We then use profiles, sharing rules, and public groups to control object and record access. I am trying to determine whether permission sets would allow us to:
a. reduce the number of profiles we use
b. reduce the number of public groups we use

My questions are:

1. Can we use permission sets to restrict access compared to the profile settings, or only open up access from the profile baseline?

2. In this location: Permission sets > Apps > Object Settings > select the object > field permissions, does the edit permission give the permission set assignee permission to edit field values on records she has access to, but does not own? What does this edit permission do, exactly?

3. What is the relationship between public group membership and permission set assignment?  It seems to me that both grant individual users (or groups of users) access to data that they could not access based on profile alone. The way they work differently, however, is still vague to me-- even after reading the help materials on SF. What are the benefits of using each?

4. Is it possible to provide access to report and dashboard folders through permission sets? Currently, if a user building a report folder selects "this folder is accessible only by the following users"  the options to select from are role, role and subordinates, and public groups. We only use public groups from this drop down list. We would like to use permission sets instead of public groups (or roles) to grant access to report and dashboard folders. Is it possible to add permission sets to that drop down list?

Related to the above question, I tested a work around for granting access to a report folder: Permission sets > System > System Permissions > enabling create and customize reports, run reports, report builder, and manage dashboard permissions. Then, in Permission sets > Apps > Object Settings > (example custom object), I enabled access to the XYZ record type.

I assigned the permission set to a user. I then checked to see if my user with the permission set had access to the XYZ report folder. The user did not have access. I then added my user to the XYZ public group and confirmed that the XYZ public group had access to the XYZ report folder. I tested my user's access to the XYZ report folder, and my user did have access. It seems, therefore, that the only way to grant report/dashboard folder access using permission sets would be to add permission sets to the options in the "this folder is accessible only by the following users" drop down list.

Clarification on any/all of this is much appreciated!
Best Answer chosen by Devon Howard
Rebecca WhitefieldRebecca Whitefield
1. Permission sets can only grant permissions, not deny them so they can only open up access.

2. The edit permission in this location allows users to edit field values on records they have access to. Record access is determined through sharing settings.

3. The short answer is they give access to different things. As I alluded to in my answer to #2, permissions and sharing settings are two separate areas of security. Permissions determine the kinds of records users can create, read, edit or delete. Sharing settings determine which individual records users can view and edit in each object. So the difference in permission sets and public groups is that permission sets allow you to grant additional permissions to specific users, whereas public groups are used in sharing rules to grant access to specific records. 

4. To my knowledge, it is not possible to provide access to report and dashboard folders through permission sets.
Zeeshan UddinZeeshan Uddin 
How can I change my email address on as my email domain has been changed.
Best Answer chosen by Miglena ( 
Alfred SmithAlfred Smith
I went to answer tab, then I saw the butten and I could ch​ange my emailUser-added image
Ashley McKayAshley McKay 


I'm looking into the TLS 1.0 encryption switch off and I can see that for production orgs the date is 4th March 2017 but for is not yet known.

What is the difference between these two?  I thought production org would be

Best Answer chosen by Ashley McKay
Vineet Kumar SinghVineet Kumar Singh
On production environments, it need to be updated before 4th of March.
Richard HoustonRichard Houston 

This might be a silly question as I don't have much experience in setting up SSO or redirects. But here goes.

How does one get a nicer URL for single sign on? 

Instead of: [sitename]

How could I get: salesforce.[sitename].com ?

Do I still need to create the custom my domain in salesforce? Then have the url created by our web admins to redirect to the [sitename] then the SSO page? 

Best Answer chosen by Richard Houston
David HindmanDavid Hindman
Hi Richard — Technically you wouldn't need My Domain to redirect a subdomain to, but My Domain is recommeded for security reasons, so I would keep it. Since My Domain has the standard format as you mentioned above, you won't be able to get the salesforce.[sitename].com url to persist once a login occurs, but the redirect should work either way.
Liz Markee-BehrendsLiz Markee-Behrends 
I am the system admin and I am trying to login into one of our developer sandboxes. 

I have the right email and password, but then it asks for a verficaiton code, which has been sent to the incorrect email ( No one else has access to this sandbox so is there a way to work around it when I can't even login? 
Best Answer chosen by Liz Markee-Behrends
Brent PottingerBrent Pottinger
Last time this happened to me I had to call Salesforce and have them reset my password and edit the email on the user record to be correct (instead of how it appends .sandbox or whatever you called your sandbox.) Then once I was able to login I whitelisted my IP address so no one else would have to deal with a verification code.
Barrie RobertsonBarrie Robertson 
I'm aware of which provides comprehensive information about server clusters hosting Salesforce instances, is there similar for Marketing Cloud?
Specifically we're on MC.S7. where is this located?
Best Answer chosen by Barrie Robertson
ManshuManshu (TZ ORG) 
Hi Barrie,

To answer part of your question, I found this link for checking the status on MC services on this website:

Thank you.
Scott StrongScott Strong 
Hi all

Question: Are administrators using the Salesforce Shield platform able to see when a record has been viewed? 

Requirement: Our security team want to be able to see when a contact record has been viewed and by who. Not just for "VIP" contacts but for all.

I cannot find wading through all of the Salesforce documentation whether this is possible, however pre-sales led us to believe it's possible.

Many thanks in advance
Best Answer chosen by Scott Strong
MiglenaMiglena ( 
Hello Scott,

Based on the information I found, it seems that event monitoring should cover user activities in your org.  Please take a look at the list of events which this product covers: 

URI which would lead to the recordIDs of the records viewed/accessed by users or even reports exported by users is covered. I'd also suggest reaching out to your Account team to help with a demo and overview of the product. 

Hope this helps!
Kevin TsuiKevin Tsui 
Hi.  I have a user that is constantly being asked to activate their computer on the same source IP.  Here's the recent log below.  I've whitelisted that IP under "Network Access".  But any ideas?  Thanks.

User-added image
Best Answer chosen by Kevin Tsui
Kevin TsuiKevin Tsui
Update!  I ended up submitting a case because the user was still experiencing the issue.  Here is the response from the agent.

Please be aware, with the Spring release, there has been an update with how Salesforce verifies user identity. The primary change is that Salesforce now utilizes the local browser to cache logins. This process updates the browser itself upon successful verification. Thus, if your browser blocks or removes its browser data, you will be repeatedly prompted to verify at the next login. You may review the change further via this Article: There are 3 different ways to prevent these prompts: (you only need to implement one of these options)

1. Update the Network Access of your org with all approved IP ranges. This will resolve the issue entirely for anyone signing in from those approved addresses.

2. Login IP Restrictions can be added for each individual profile to limit the access of those users to a known set of approved ranges.

3. Lastly, you could simply ensure that your users are not clearing their browsing data, or that the browsers are not clearing the data upon browser close.