A blog dedicated to Salesforce Ohana

Delegate Administrator


In a big organization, a single admin can a big problem in terms of bandwidth issues. Normally admins are getting multiple requests like - creating users, updating profiles, resetting the password, running report etc. along with their daily meetings. So it will be really difficult for a single admin to handle all these requests by himself/herself. And that is the place where admins want to delegate some of their work to others (trusted colleagues). But trust me, it is a big decision. You should not give all the admin privilege to your colleagues even though he/she is a very trusted employee. Rather you should delegate few specific task to your colleagues. In Salesforce, we can do the same with DELEGATE ADMINISTRATION.

So basically Delegate Administrator will allow named users to manage other users within selected roles and profiles, as well as managed selected custom objects.

With Delegate Administration, you can configure named users to do the below things -

  • Role & Subordinate:  Delegate Administrator can create and edit users with specific roles and subordinates. The can't modify the role hierarchy though.
  • Profile:  Delegate Administrator can assign users(they create or edit) to assigned profiles. They can't modify the profile.
  • Permission Set: Delegate Administrator can add/remove selected permission sets from users(they create or edit) to assigned profiles. They can't modify the permission set.
  • Public Group: Delegate Administrator can add/remove selected public groups from users(they create or edit) to assigned profiles. They can't modify the public group.
  • Custom Object: Delegate Administrator can manage every aspect of the selected custom objects except object's permission on profiles. Delegate Admin can't create or modify relationship on the objects or set org-side sharing defaults.
  • Enable Login Access: Delegate Administrator can login in as a user belonging to the role hierarchy that they manage.
  • Unlock and Freeze User.
To make an existing user as "Delegate Administrator", you need "Customize Application" Permission and that user need "View Setup and Configuration" permission.

Note - "View Setup and Configuration" permission is always a tricky one as it will open up many  more permissions to the users. So before giving this permission to any user, you should think multiple times and justify yourself. Giving "View Setup and Configuration" permission to a user so that you can mark that user as Delegate Admin should NOT be the correct approach. I will highly recommend you to read the post - "Become More Efficient With Delegated Administrators" from AdminHero.

Use Case:
I have two users in my Org - Administrator (Sudipta Deb) and Non-Administrator(Mario Ruiz). I want to mark Mario as Delegate Administrator so that he can take care of creating/editing users with Profile - "Recruiter" or with the role - "VP, North America Sales". At the same time, I would like to make sure he can take some of the request related to custom objects - Position, Job Application, Employment Website, Job Posting.

Implementation:
  • Open Delegate Administration: Click on Setup | Administer | Security Controls | Delegate Administration.
  • Click on New
  • Put the below details as shown in the picture -
  • In the next page, under "User Administration", select the role - "VP, North America Sales" like shown below - 
  • In the next page, under "Assignable Profiles", select the profile- "Recruiter" like shown below 
     
  • In the next page, under "Custom Object Administration", select the objects - "Position, Job Application, Employment Website, Job Posting" like shown below - 
  • Add the user "Mario Ruiz" under "Delegated Administrator
  • Finally, it will look like - 

There are few limitations as well with Delegate Administrator which are -
  • Can't assign profiles or permission sets with "Modify All Data" permission.
  • The -None- option will not be available when selecting roles for new users.
  • For formula fields, accessing merge fields from another object requires delegate admin's permission on that object.
  • Can't modify permission sets.
  • Standard Objects are excluded from Delegated Administration. We have a Salesforce Idea open for this - https://success.salesforce.com/ideaView?id=08730000000BptIAAS
  • Another Salesforce Idea worth mentioning here is - Allowing Non-Admin users to import custom objects - https://success.salesforce.com/ideaView?id=08730000000Bre6
  • For security, profiles with the “Modify All Data” permission cannot be included under "Assignable Profiles". See the error when attempting to include the System Administrator profile. 
  • Delegate Admin can change the FLS for existing and newly created fields for those objects which are assigned to him/her. But Delegate Admin can't change the Object Level Permission on Profile.
Are you using Delegate Administrator in your org? What use case you are handling using Delegate Administrator? What problem(if any) you faced? Please share your feedback. 
Share:

5 comments:

  1. Nice information about delegate administrator My sincere thanks for sharing this post Please Continue to share this post
    Salesforce Training in Chennai

    ReplyDelete
  2. Excellent post!!! In this competitive market, customer relationship management plays a significant role in determining a business success. That too, cloud based CRM product offer more flexibility to business owners to main strong relationship with the consumers. Salesforce Training Institutes in Chennai| Salesforce Training Institutes in Chennai

    ReplyDelete
  3. Great post. wonderful information and really very much useful. Thanks for sharing and keep updating.
    Best VMware Training Institute in Chennai | Best VMware Training Institute in Velachery

    ReplyDelete
  4. Wonderful .. I will bookmark your web site and take the feeds additionally…I am happy to find numerous helpful information right here within the put up, we want work out extra strategies in this regard, thank you for sharing.
    Excellent Photoshop Training Institute in Chennai | Best Multimedia Training Institute in Velachery

    ReplyDelete

Follow Me

Enter your email address:

Delivered by FeedBurner

Popular Posts

Labels

Salesforce (99) Apex (43) admin (27) ADM (20) visualforce (20) dev 501 (19) integration (18) learn salesforce (17) 501 (16) SOAP (13) tutorial (11) Certification. (9) lightning (8) Trigger (7) test class (7) unit testing (7) design pattern (6) report (6) security (6) trailhead (6) Advanced Admin (5) New Features (5) SOQL (5) css (5) dashboard (5) debug (5) developer (5) formula (5) javascript (5) mobile (5) salesforce release (5) service cloud (5) solution management (5) use case (5) JSON (4) Lightning Experience (4) WebSphere (4) best practice (4) cast iron (4) component (4) github (4) html (4) polymer (4) profiles (4) responsive (4) tdd (4) ui (4) Certification (3) Live Chat (3) Performance (3) Products (3) Sales Cloud (3) Study Notes. (3) Summer15 (3) Tips (3) deployment (3) dynamic apex (3) event (3) license (3) map (3) mapbox (3) singleton (3) version controlling (3) Advanced Apex (2) Bulkify (2) Data Architecture and Management Certification (2) Distributed Version Controlling (2) Eclipse (2) Einstein (2) Force.com IDE (2) Governor Limit (2) IBM (2) Kitchener Developer Group (2) Lightning Design System (2) Live Agent (2) Online Event (2) Price Book (2) REST (2) SOSL (2) Spring 15 (2) Summer17 (2) ant (2) automation tool (2) basic (2) chatter (2) coding (2) communication (2) console (2) controller (2) documentation (2) flow (2) git (2) jquery (2) logging (2) permission (2) process builder (2) release (2) salesforce1 (2) strategy (2) xml (2) Agent Productivity (1) Analytics (1) Architect (1) Asynchronous callout (1) Bots (1) Browser (1) Bulk data load (1) CTA (1) Calendar (1) Canon (1) Case Management (1) Classic (1) Contact Center (1) Continuation (1) Continuous Integration (1) Cookie (1) Custom Metadata (1) Custom Object (1) Decorator Design Pattern (1) Diwali (1) Email (1) FSC (1) Financial Services Cloud (1) Goals (1) Groups (1) Guide (1) Household (1) Ideas (1) Implicit Sharing (1) Improvement (1) JourneyToCTA (1) KPIs (1) Kitchener User Group (1) Large Data Volume (1) LastModifiedDate (1) Metadata (1) Metrics (1) Omni-Channel (1) Opportunity (1) Person Account (1) Photo (1) Platform Developer I (1) Presentation (1) Product Schedule (1) Profile (1) Public Site (1) Query Plan (1) QuickReference (1) Reports (1) Role (1) SFDX (1) Salesforce DX (1) Salesforce Optimizer (1) Scratch Org (1) Session (1) Sharing (1) Site (1) Skills (1) Snap-ins (1) Spring 17 (1) Summer14 (1) Summer16 (1) Switch (1) SystemModStamp (1) Users (1) Webservice (1) Winter'15 (1) Winter'17 (1) access (1) agile (1) app (1) approval process (1) aura (1) awesome (1) backup (1) bitbucket (1) book (1) campaign (1) change set (1) code (1) code coverage (1) configuration (1) csv (1) custom button (1) custom settings (1) customization (1) data loader (1) database (1) delegate Admin (1) describe (1) dom (1) dreamforce (1) duplicate (1) dynamic (1) equals (1) error (1) field-level security (1) folder (1) ftp (1) generic (1) gift (1) global describe (1) hashcode (1) import wizard (1) jenkins (1) keynote (1) long running requests (1) monitoring (1) mysql (1) object (1) page layout (1) personal (1) power of one (1) record type (1) relationship (1) request (1) review (1) sub-tab (1) tab (1) username (1) visual workflow (1) workflow (1)

Total Subscribers

Total Pageviews