Profiles:

1. Profiles in the salesforce controls what user can access and what user can see in the
organization.
2. Every profile is designed for a specific license.
3. Profile Controls
• App Settings
• Tab
• Object
• Field Level Security
• Page layout
• General User Permissions
• Administrative Permissions (e.g., Set up Menu, Report Creation, Add Users etc.,)
• Session Settings
• Password Policies
• Login Hours
• Login IP Ranges
4. There are two types of Profiles in salesforce.
• Standard Profiles - Provided by salesforce where we cannot be modify most of the permissions.
• Custom Profiles - Created by admin by cloning the standard profile and customize to meet
needs.
Example of Standard Profile: System Administer Salesforce Platform user Chatter Free User
Custom Profiles: These are the profiles created by the users to meet the organizational business
requirement. Note : Every custom Profile is a clone of any one of the existing profile
What is Profile in Salesforce?
Profiles control what users can do in your Salesforce org. This can be referred to as CRED:
C = create
R = read
E = edit
D = delete
You may want some users in your org to read and edit Leads, but not delete them. CRED enables
you to mix and match what a specific user can do with each object.

In addition to objects, profiles also control:

Field-level security (which fields are visible or editable),
Page layouts,
Record types,
Apps,
Each Salesforce user in your org has a profile. Profiles are designed to group users into
functions, for example, ‘Sales’, ‘Support’ etc.
The most important profile in the org is ‘System Administrator’. Users in this profile have
absolute access to do anything. In addition to CRED, they will have ‘View all’ and ‘Modify all’
selected for each object.
They will also have ultimate permissions, namely ‘Modify all data’, ‘Customize application’ that
you would not want to give to any other users! (found under the ‘Administrative Permissions’
section).
Q: Can one profile be assigned for multiple users?
ANS: Yes, We can assign one profile to any number of users.
Q: If two users have same profile will they get same permissions?
ANS: Yes, that is the purpose of assigning of same profile to multiple users.
Q::Can we delete a standard Profile?
ANS : No we cannot delete ,but we can customize to an extent.
Q::Can we delete custom profile?
ANS : Yes, we can delete
Q::Which users can see the setup menu
ANS: Users whose profile has view setup and configuration option enabled.
Q:: Who can manage the profile ?
ANS: Users whose profile has the following permissions 1. Manage profiles and permission sets
2. Customize the Application can create /edit /delete the profiles
Q:: Can we deploy the profiles from sandbox to production ?
ANS : No
PERMISSION SET It is similar to profile but used to give extra permissions to user in addition
to profile permission. Example: If there are users assigned with a profile called Sales User. This
profile allows assignees to read, create, and edit leads. Some, but not all, of these users also need
to delete and transfer leads. Instead of creating another profile, create a permission set.

Profiles and permission sets both control CRED (Create, Read, Edit, Delete) permissions on
Objects, fields, user settings, tab settings, app settings, Apex class access, Visualforce page
access, page layouts, record types, login hours and login IP ranges. Every user must be assigned
a profile when they’re created on the platform — and there can only be one profile per user.
Essentially, a user's profile is the baseline authorization of access to the Org.
Permission sets are, as the name implies, a set of additional CRED permissions that can be
applied to different profiles. Typically they are task-based and related to different Objects and
managed packages. For example, Sales users may be assigned a permission set giving them
access to a CPQ app to generate quotes.
Users may be assigned multiple permission sets — or none at all, making them a far more
dynamic and flexible permissioning model than profiles. They were introduced with the intention
being mixed and matched, and given to different users depending on job role. Imagine a house
— permission sets are the keys for different rooms that are given to a single guest.
Last, but certainly not least, are Salesforce roles. Roles and sharing settings control what a user
can see, by governing access to records and folders. Unlike profiles, roles are hierarchical based
on the level of data access required. For example, a CEO or department head will likely need to
see more than an associate-level employee, for obvious reasons

In Lightning Experience

1. Click the gear icon > Setup

2. Enter Login Access Policies in the Quick Find box.
3. Select the Administrators Can Log in as Any User checkbox.
4. Click Save

HANDS ON – Create profile

Turn off Enhanced Profile User Interface.
A. Click Setup | Users | User Management Settings.
B. Next to Enhanced Profile User Interface, click the Enabled toggle switch to
turn off this feature. NOTE: Enhanced Profile User Interface is streamlined
for most operations, but when setting permissions for many objects like
you'll be doing in Step 3, the other interface is quicker.

1. Create a custom recruiter profile.

A. Click Setup | Users | Profiles.
B. Click New Profile.
i. Existing Profile: Select existing profile created
ii. Profile Name: Custom–Recruiter
C. Click Save.
3. Define the Custom–Recruiter profile to accomplish the business
requirements.
A. Click Edit.

Make Recuriting as Default App

B. Scroll down to the Standard Object Permissions section.

C. Uncheck Read for all standard objects. NOTE: Removing Read access on an
object automatically removes all other permissions on that object. It also
makes its Tab unavailable.
Click on OK

Remove Read Access for all Standard Objects

D. In the Custom Object Permissions section, set the permissions to Read,

Create, and Edit for all custom objects. (Remove Delete when necessary.)
E. Click Save.
 4. Turn Enhanced Profile User Interface back on.
A. Click Setup | Users | User Management Settings.
B. Next to Enhanced Profile User Interface, click the Disabled toggle switch to turn
this feature back on.

5. Assign a user to the new profile.

A. Click Setup | Users | Users.
B. Click the Edit link next to User Created .
C. Select Custom–Recruiter from the Profile picklist.
D. Click Save.

Follow the same steps to create CUSTOM – HR as well and assign it to other USER
A. Set the Positions access specified recruiters

B. Click Setup | Users | Profiles.

C. Click Custom-HR.
D. Click Object Settings.
E. Scroll down and click Positions.
F. Click Edit.
G. In the Object Permissions section enable Read, Create, Edit, Delete, and View All.
H. Click Save.

7. Make the Social Security Number field hidden for recruiters.

A. Click Setup | Users | Profiles | Custom–Recruiter.
B. Click Object Settings.
C. Click Candidates.
D. Click Edit.
E. In the Field Permissions section, clear Read Access on the Social Security Number
field.
F. Click Save.
G. Create a Candidate record.
i. In the upper left corner click the App Launcher icon.
ii. In the Search apps and items box, search for and click on Candidates.
iii. Click on the candidate created in an earlier exercise. Observe that the Social Security
Number field
Go to Users
Under Users go to Profiles
Select the profile you have created (Custom – Recruiter and Custom HR)
Go to Assigned Apps -- > Edit
Select the Recruiting App which you have created and Save it

A. Log in as User to test that the Social Security Number field is not visible to the
Custom–Recruiter profile.
i. Click Setup | Users | Users.
ii. Click the Login link next to Ruiz, Mario.
iii. Click the App Launcher icon.
iv. In the Search apps and items box, search for and click on Candidates.
v. Change the list view from Recently Viewed to All, then click on the
candidate viewed in Step G.
vi. Look below the Background Check Status field and verify that the Social
Security Number field is not visible.
B. Click Log out as User in the upper right of your screen.
CREATE Permission SET

1. Create a new permission set for hiring managers.

I. Click Setup | Users | Permission Sets.
 J. Click New.

K. Type Hiring Managers as the Label, and click Save.

NOTE: By leaving the license set to None, this permission set can be used for any
user regardless of her/his specific user license.
L. Click Object Settings.

M. Click Candidates from the Object Settings list.

N. Click Edit.
O. Check Visible in Tab Settings. (This automatically will check Available.)
P. Select Read from the Object Permissions list and click Save.
 Q. Click the down arrow next to Candidates to change the object, and set
access for other custom objects as follows (remember to click Save each
time before switching to another object):

Object Tab Settings Read Create Edit Delete

Interviewers Visible    
Job Applications Visible    
Job Postings N/A    
Job Posting Sites Visible    
Offers Visible    
Positions Visible    
Reviews N/A    
2. Assign users to the new permission set.
A. Click Manage Assignments.

B. Click Add Assignments.

C. Put checkmarks next to users click next and then click Assign.
 D. Click Done.

3. For the Interviewers permission set, add access to the custom

objects that you created.
A. Click Setup | Users | Permission Sets |
Create new Permission set – Label Name – Interviewers
B. Click Object Settings.
C. Click Job Postings from the Object Settings list.
D. Click Edit.
E. Check Read from the Object Permissions list and click Save.

F. Switch to the Positions object and set the Tab Settings to Visible and the
Object Permissions to Read access, then click Save.