Loading

CRM Analytics App visibility and 'View All Data' and 'Modify All Data' permissions

Дата публикации: Aug 3, 2023
Описание

CRM Analytics apps have sharing behavior that is similar to the core Report and Dashboard folder sharing, as documented here.


When users have been granted the "View All Data" or "Modify All Data" system permissions, they have access to apps that transcends the sharing functionality.

Note: "View All Data" and "Modify All Data" are potent permissions, and should be granted sparing and only to users that absolutely need that level of access. Details are available here.
Решение

Standard Permissions

When a user has the appropriate permission set license and the associated Use/Access permissions, they can view apps tied to the same license that they have been granted for at least Viewer access (directly by User, or indirectly by Role or Group).
 
For example:
A user with the following configuration will have access only to Sales Analytics templates and apps:
Permission Set License: "Sales Cloud Einstein"
Permissions: "Access Sales Cloud Analytics Templates and Apps" and "Use Analytics Templated Apps"
 

View All Data

If a user is granted "View All Data", they will be able to see all apps tied to their assigned permission set license(s).
 
Continued example:
The user will have visibility on ALL Sales Analytics generated apps, regardless of if they have been shared.
The user will be able to see the contents (datasets, lens, dashboards) of the apps.
 

Modify All Data

If a user is granted "Modify All Data", they will be able to see and edit all apps tied to their assigned permission set license(s).
 
Continued example:
The user will have visibility and edit capabilities on ALL Sales Analytics generated apps, regardless of if they have been shared.
The user will be able to see and edit the contents (datasets, lens, dashboards) of the apps.
 

Security Predicate

It is important to note that the Security Predicate applies row-level security at a query level for datasets. The View All Data and Modify All Data permissions do not override the Security Predicate. Users with these permissions will not be able to view records that are blocked via the Security Predicate. More details on implementing row-level security can be found here.
Continued example:
If the user's visibility is restricted by the Security Predicate on datasets, they will only have visibility on related lenses and dashboards to the records granted by the Security Predicate.
Caution: With "Modify All Data" the user will be able to edit datasets to modify or remove the Security Predicate.
Номер статьи базы знаний

000382181

 
Загрузка
Salesforce Help | Article