Workspace Actions

---

Once you have retrieved security settings, the workspace will show the results. Now you can analyze, compare and contrast the security settings!

Want to compare security settings between environments?  Connect to a different environment and retrieve more settings.  When retrieving data, if the workspace already has data, you will be prompted to "clear the workspace".  Select "No" to keep the existing data and add the new data from another environment to the workspace.

Cells will be automatically colored as follows:

• Green (or Blue): Most permissive setting.
  • Green is the default, but Blue may be used instead by selecting "Red Yellow Blue" within Options->Color Scheme.
• Yellow: Middle permissive setting where applicable.
• Red: Permission denied.
• White (Blank): Permission not granted, but no change in security will be deployed to a target environment.

Hover over the Type or Name cell to see tooltips with the valid choices for that type of entity.  Note that for some entities, the available options vary between Profiles and Permission Sets.

Class:

• T=True
• F=False
• Blank=No access, do not change permission upon deploy

Page:

• T=True
• F=False
• Blank=No access, do not change permission upon deploy

Field:

• E=Edit
• R=Read
• H=Hidden
• Blank=No access, do not change permission upon deploy

Record Type:

• D=Default (Profile Only)
• V=Visible
• H=Hidden
• Blank=No access, do not change permission upon deploy

Tab (Profiles):

• On=Default On
• Off=Default Off
• H=Hidden

Tab (Permission Sets):

• V=Visible
• A=Available
• N=None
• Blank=No access, do not change permission upon deploy

Object:  Object permissions are different in that security settings are specified using multiple letters.  The permissions granted for Objects are based on the combination of letters specified.  The highest level of access for Objects would be specified as: CREDVM

• C=Create
• R=Read
• E=Edit
• D=Delete
• V=View All
• M=Modify All
• N=No access (May be used to deploy no access)
• Blank=No access, do not change permission upon deploy

Custom Permission:

• T=True
• F=False
• Blank=No access, do not change permission upon deploy

Application:

• D=Default (Profile Only)
• V=Visible
• H=Hidden
• Blank=No access, do not change permission upon deploy

System Permission:

• T=True
• F=False
• Blank=No access, do not change permission upon deploy

Custom Options (Profiles): DO NOT MODIFY

• T=True
• F=False
• Blank for Permission Sets

User License (Profiles): DO NOT MODIFY

• Salesforce License
• Blank for Permission Sets

Select an individual cell to edit values one at a time.

Select multiple cells and enter a single letter value to apply that value to all of the selected cells.

Select multiple cells and select Ctrl+C to copy multiple values.

Select a single cell and select Ctrl+V to paste the copied cell(s).  If multiple cells were copied, the copied cells will be pasted using the single cell as the top left corner of the copied cells.

Provides options for sorting the rows containing entities.  Options include:

• Standard: This is the default order entities are displayed.  This groups entities together by the types of entity.
• Object: This will group fields, record types and object entities that are part of an object together.
• Type->Name: This sorts entities first by Type and then by Name in either ascending or descending order.
• Name->Type: This sorts entities first by Name and then by Type in either ascenting or descending order.

Provides options for sorting the columns containing Profiles and Permission Sets.    There are three parameters used to sort security files:

• Conn: The nickname of the connection the security files was retrieved from.
• Type: The type of security file: Profile or Permission Set.
• Name: The name of the security file.

Columns can be sorted by any combination of the above in either ascending or descending order.

Determines which columns to show.  Options Include:

• All: Displays all retrieved security files.
• Profiles: Displays only profiles.
• Permission Sets: Displays only permission sets.
• With Zero Users: Displays profiles and permissions sets with zero users.  Note that the Option "Active Users Only" affects the count of Users for profiles and permission sets.
• With Non Zero Users: Displays profiles and permissions sets with one or more users.  Note that the Option "Active Users Only" affects the count of Users for profiles and permission sets.
•  With Environment Differences: If you have retrieved the same security files from different environments, you can use Workspace Actions->Highlight Environment Differences.  After using the Highlight Environment Differences function, this option shows only columns with differences between environments.  Other columns will be hidden. 
• By Name: Enter the name of a security file (or part of a name).  Columns with security file names that contain the entered text will be displayed.
• By User*: Displays a Profile and Permission Sets based on a selected user.  Note that the list of users and the Profile and Permission Sets associated to a user is based on the CURRENT connection.
• By Permission Set Group: Displays Permission Sets based on a select Permission Set Group.  Note that the list of Permission Set Groups and the associated Permission Sets is based on the CURRENT connection.

*  "Show Columns->By User" feature is only available for Security Zen Masters.

* "Show Columns->By Permission Set Group" feature is only available for Security Zen Masters.

Freezes or Unfreezes the Type and Name columns.  Freezing these columns applies when there are many security files.  When scrolling to the right, the Type and Name columns would normally scroll off to the left.  Freezing the columns prevents them from scrolling off to the left.

For some entities such as System Permissions and Object permissions, when security is not granted, no security settings are retrieved which results in a blank cell.  However, deploying an empty cell does not alter or remove security in the target environment.

The "Fill Blanks with False" option provides a convenient way to populate blank cells with False values.  Deploying False values removes security settings in the target environment.

Frequently, there are differences in entities between environments.  Security for an entity cannot be deployed to an environment if the entity does not exist in the target environment.

If you do not use this option prior to deployment, and there are entities in the workspace that do not exist in the target environment, you will get an error upon deployment.  The problem is the Salesforce error only specifies the first missing entity which results in a tedious process of deleting one row at a time.  This feature was developed to avoid this tedious process.

IMPORTANT!  It is recommended that you back up the workspace using the Export CSV File function prior to using this function because this feature deletes rows from the Workspace.

Once the workspace is configured and ready for deployment, connect to the target environment.  Select this option to delete rows in the workspace that do not exist in the target environment.

 When  a Profile is inserted into an environment, the Salesforce profile creation process starts  by cloning the "Standard" profile.  The permissions you specify in  Security Zen for your new profile are then applied on top of the cloned  "Standard" profile.  This can lead to some unexpected results!

This function addresses this issue by adding a row in the workspace for each Object in the connected Target environment not already listed in the workspace.  For Profiles that do not exist in the Target environment, Objects added will have the N value to indicate no access.  For Profiles that already exist in the Target Environment and for Permission Sets, Objects added will have a Blank value to not change the permission in the target environment.

IMPORTANT!  Not all objects are listed in the Configure window and therefore not all objects may be added using this function.  Work.com objects are known to not be included, but there may be others depending on your particular environment.  Always check the final permissions in Salesforce to ensure the desired permissions have been assigned.

Once the workspace is configured and ready for deployment, connect to the target environment.  Select this option to add Object rows in the workspace that exist in the target environment, but are not yet specified in the workspace.

If you have retrieved the same Profiles or Permission Sets from different environments, this feature highlights the differences.  Select this option to highlight the differences and then select this feature again to remove highlighting.  This only highlights differences between Profiles or Permission Sets that have identical names.

Note that highlighting is based on the cell values at the time this function is selected.  Highlighting is not modified by subsequent changes to cell values.  If you modify cell values, you will need to de-select and then re-select this option.

Hint: Use this feature in conjunction with the Workspace Actions -> Sort Columns -> Name->Conn->Type feature to provide a side by side comparison of Profiles and Permission Sets by environment.  

Hint: Use Workspace Actions->Show Rows->With Environment Differences, and Workspace Actions->Show Columns->With Environment Differences to see where the differences are.

This resets cells to the values that were last retrieved or imported.

This feature is available when the workspace is populated from a retrieve command or data is imported from a metadata folder.  This feature is not available if data is imported from a CSV file.  To reset values populated from a CSV file, you can re-import the CSV file.

This clears out the workspace of all data.

This imports a CSV file into the workspace.  The CSV file must be formatted appropriately with Types, Names, Security Files Names and Cell Values.  Try Exporting a CSV file to see the appropriate formatting.

This exports a CSV file from the workspace.

Imports Metadata XML files into the workspace by selecting a folder which must contain subfolders named "profiles" and/or "permssionsets".  Profiles and Permission Sets must be contained in the appropriate named subfolders.  The XML files must be formatted properly. 

After selecting a folder, you may select which types of entities to import.  Only security features supported by Security Zen will be imported.

Try exporting Metadata files to see the appropriate formatting.  

* Import Metadata feature is only available for Security Zen Masters.

This exports Metadata XML files from the workspace.

* Export Metadata feature is only available for Security Zen Masters.

Note that the workspace context menu displays different options depending on where you click. 

• Find Row Name (Ctrl+F) - Jumps to a row where an entity name contains specified text
• Find Col Name (Ctrl+G) - Jumps to a column where a Security File name contains specified text
• Show All Rows
• Show Rows By Type
• Show Rows By Name
• Show All Columns
• Show Columns By Name

Note that some options may be greyed out depending on where the context menu is launched from.  

• Copy (Ctrl+C)
• Paste (Ctrl+P)
• Hide Row(s)
• Hide Column(s)
• Delete Row(s)
• Delete Column(s)
• Freeze Column(s)
• List Users * - see explanation below
• Copy To Permission Set - see explanation below
• Merge to New Permission Set - see explanation below

This option is only available when right clicking on a column header.  Provides list of users with selected profile or permission set.

 *  "List Users" feature is only available for Security Zen Masters. 

This option is only available after you have selected cells from a single Profile, and then right click.  You will be prompted to provide a Name, Label and Description for a new Permission Set based on the selected Profile.

Select "Ok" to create the new Permission Set which will be added as a new column in the workspace.  Entity permission values will be copied from the Profile to the new Permission Set with the following modifications:

Tab:

• Default On -> Visible
• Default Off -> Available
• Hidden -> None

Record Types:

• Default -> Visible

Other entities will be copied with the same values as the source Profile.

Only retrieved entities will be copied.  Entities not retrieved or not supported by Security Zen such as, but not limited to, Assigned Connected Apps, External Data Source Access, Named Credential Access, Data Category Visibility, Flow Access, and Service Presence Statuses Access will not be copied.

You must "Deploy" the new Permission Set to Salesforce in order to create the new Permission Set in Salesforce.  Be sure to specify a new unique name for the Permission Set.  When you go to deploy the Permission Set, you should be prompted that you are "inserting" the Permission Set instead of "updating" an existing Permission Set.  If you are prompted that you are "updating" the Permission Set, then the Name of the Permission Set is not unique.

IMPORTANT:  Note that some differences may be introduced based on dependency requirements and differences between Profile and Permission Set structures.  It is recommended that after deploying the the copied Permission Set to Salesforce, a detailed comparison is performed between the original Profile and the copied Permission Set to identify any modifications introduced during deployment.

This option is only available after you have selected cells from multiple Permission Sets, and then right click.  You will be prompted to provide a Name, Label and Description for a new Permission Set based on the selected Permission Sets.

Select "Ok" to create the new Permission Set which will be added as a new column in the workspace.  Entity permission values will be merged based on the selected Permission Sets to the new Permission Set.  Two Merge approaches are available:

• OR: New Entity Permission is the highest permission granted from any of the source Permission Sets 
• AND: New Entity Permission is the highest permission granted by all of the source Permission Sets

For Example, if merging two permission sets where one grants Read access to a field and the second grants Edit access to the same field, then the new Permission Set will have the following access:

• OR: Edit access because this is the highest permission granted by any of the source Permission Sets
• AND: Read access because all source Permission Sets grant this access

If the source Permission Sets are associated with different Licenses, you will be prompted to select one of the License to associate with the new Permission Set.  If this occurs, be advised that not all entities are available with all  license types.  Deployment may fail if you select a license that does not include the select entities.  Use caution when merging Permission Sets with different license types.

Only retrieved entities will be merged.  Entities not retrieved or not supported by Security Zen such as, but not limited to, Assigned Connected Apps, External Data Source Access, Named Credential Access, Data Category Visibility, Flow Access, and Service Presence Statuses Access will not be merged. 

You must "Deploy" the new Permission Set to Salesforce in order to create the new Permission Set in Salesforce.  Be sure to specify a new unique name for the Permission Set.  When you go to deploy the Permission Set, you should be prompted that you are "inserting" the Permission Set instead of "updating" an existing Permission Set.  If you are prompted that you are "updating" the Permission Set, then the Name of the Permission Set is not unique.