This document provides an Administrator with the information required to either install the Borobudur package into a new org or upgrade an existing version of the package.
To achieve Salesforce’s Security accreditation for the Borobudur package, a full review of the security in the package was performed. Several security best practices have been implemented to stay up to speed with Salesforce’s security model. Several improvements have been made in actions performed by the Force.com read-only site user.
Changes made include:
In addition, a new security model has been introduced to allow users to perform privileged actions based on the custom permissions assigned to them.
Details of the new security model can be found in the document below.
Salesforce’s recommendation is that customers deprecate their use of profiles and use permission sets to grant the access needed by their users. Kaptio understand that is potentially a large undertaking, but Salesforce provide tools to perform the conversion from a profile to a permission set.
There are currently some access rights that cannot be granted by permission sets, they are documented here Converting Profiles to Permission Sets
The profile to permission set conversion is User Access & Permissions Assistant package. The package is free and can be downloaded here.
To prevent having to assign multiple permission sets to users, Kaptio recommend that customers use permission set groups. A single group containing multiple permission sets may be assigned to a user. Click here for information on permission set groups.
Permissions set groups were used by Kaptio during the testing of Borobudur. A permission set group was created for a sales assistant, and all the permission sets required for this role were added to the permission set group. This group was assigned to the sales users used during testing.
The following section(s) must be reviewed prior to deploying the Borobudur package.