Workspace Actions

Once you have retrieved security settings, the workspace will show the results. Now you can analyze, compare and contrast the security settings!


Want to compare security settings between environments?  Connect to a different environment and retrieve more settings.  When retrieving data, if the workspace already has data, you will be prompted to "clear the workspace".  Select "No" to keep the existing data and add the new data from another environment to the workspace.

Color Coding

Cells will be automatically colored as follows:

  • Green (or Blue): Most permissive setting.
    • Green is the default, but Blue may be used instead by selecting "Red Yellow Blue" within Options->Color Scheme.
  • Yellow: Middle permissive setting where applicable.
  • Red: Permission denied.
  • White (Blank): Permission not granted, but no change in security will be deployed to a target environment.

Valid Settings

Hover over the Type or Name cell to see tooltips with the valid choices for that type of entity.  Note that for some entities, the available options vary between Profiles and Permission Sets.


Class:

  • T=True
  • F=False
  • Blank=No access, do not change permission upon deploy

Page:

  • T=True
  • F=False
  • Blank=No access, do not change permission upon deploy

Field:

  • E=Edit
  • R=Read
  • H=Hidden
  • Blank=No access, do not change permission upon deploy

Record Type:

  • D=Default (Profile Only)
  • V=Visible
  • H=Hidden
  • Blank=No access, do not change permission upon deploy

Tab (Profiles):

  • On=Default On
  • Off=Default Off
  • H=Hidden

Tab (Permission Sets):

  • V=Visible
  • A=Available
  • N=None
  • Blank=No access, do not change permission upon deploy

Object:  Object permissions are different in that security settings are specified using multiple letters.  The permissions granted for Objects are based on the combination of letters specified.  The highest level of access for Objects would be specified as: CREDVM

  • C=Create
  • R=Read
  • E=Edit
  • D=Delete
  • V=View All
  • M=Modify All
  • N=No access (May be used to deploy no access)
  • Blank=No access, do not change permission upon deploy

System Permission:

  • T=True
  • F=False
  • Blank=No access, do not change permission upon deploy

Custom Options (Profiles): DO NOT MODIFY

  • T=True
  • F=False
  • Blank for Permission Sets

User License (Profiles): DO NOT MODIFY

  • Salesforce License
  • Blank for Permission Sets

Entering data

Select an individual cell to edit values one at a time.

Select multiple cells and enter a single letter value to apply that value to all of the selected cells.

Select multiple cells and select Ctrl+C to copy multiple values.

Select a single cell and select Ctrl+V to paste the copied cell(s).  If multiple cells were copied, the copied cells will be pasted using the single cell as the top left corner of the copied cells.

Sort Rows

Provides options for sorting the rows containing entities.  Options include:

  • Standard: This is the default order entities are displayed.  This groups entities together by the types of entity.
  • Object: This will group fields, record types and object entities that are part of an object together.
  • Type->Name: This sorts entities first by Type and then by Name in either ascending or descending order.
  • Name->Type: This sorts entities first by Name and then by Type in either ascending or descending order.

Sort Columns

Provides options for sorting the columns containing Profiles and Permission Sets.    There are three parameters used to sort security files:

  • Conn: The nickname of the connection the security file was retrieved from.
  • Type: The type of security file: Profile or Permission Set.
  • Name: The name of the security file.

Columns can be sorted by any combination of the above in either ascending or descending order.

Show Rows

Determines which rows to show.  Options Include:

  • All: Display all retrieved rows.
  • Different: Only display rows that contain one or more differences in settings between retrieved security files.
  • Same: Only display rows that are identical in settings for all retrieved security files.

Show Columns

Determines which columns to show.  Options Include:

  • All: Displays all retrieved security files.
  • Profiles: Displays only profiles.
  • Permission Sets: Displays only permission sets.
  • With Zero Users: Displays profiles and permission sets with zero users.  Note that the Option "Active Users Only" affects the count of Users for profiles and permission sets.
  • With Non Zero Users: Displays profiles and permission sets with one or more users.  Note that the Option "Active Users Only" affects the count of Users for profiles and permission sets.
  • By User*: Displays a Profile and Permission Sets based on a selected user.  Note that the list of users and the Profile and Permission Sets associated to a user is based on the CURRENT connection.

*  "Show Columns->By User" feature is only available for Security Zen Masters.

Freeze Columns

Freezes or Unfreezes the Type and Name columns.  Freezing these columns applies when there are many security files.  When scrolling to the right, the Type and Name columns would normally scroll off to the left.  Freezing the columns prevents them from scrolling off to the left.

Fill Blanks with False

For some entities such as System Permissions and Object permissions, when security is not granted, no security settings are retrieved, which results in a blank cell.  However, deploying an empty cell does not alter or remove security in the target environment.


The "Fill Blanks with False" option provides a convenient way to populate blank cells with False values.  Deploying False values removes security settings in the target environment.
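The difference between deploying a Blank and deploying False can be checked before deployment. The following is an added sketch, not Security Zen code: it models only System Permission cells ("T", "F", Blank) as described above, and the permission names and cell values are constructed sample data.

```python
# Added illustration of the deploy semantics described above; not Security Zen code.
# Cells use the page's System Permission values: "T", "F", or "" (Blank).

# Constructed sample data: one workspace column and the target's current state.
WORKSPACE = {"ViewSetup": "T", "ModifyAllData": "", "ApiEnabled": ""}
TARGET = {"ViewSetup": "F", "ModifyAllData": "T", "ApiEnabled": "F"}


def deploy(target, workspace):
    """Return the target state after deploying one workspace column.

    Blank cells leave the target untouched; "T" and "F" overwrite it.
    """
    result = dict(target)
    for name, cell in workspace.items():
        if cell in ("T", "F"):
            result[name] = cell
    return result


def fill_blanks_with_false(workspace):
    """Model of the menu option: every Blank cell becomes "F"."""
    return {name: (cell or "F") for name, cell in workspace.items()}


def residual_grants(target, workspace):
    """Permissions still True in the target after deploy although the
    workspace cell is Blank, i.e. access the deploy will not remove."""
    after = deploy(target, workspace)
    return sorted(n for n, c in workspace.items()
                  if c == "" and after.get(n) == "T")


if __name__ == "__main__":
    print("left in place without the option:", residual_grants(TARGET, WORKSPACE))
    filled = fill_blanks_with_false(WORKSPACE)
    print("left in place with the option:   ", residual_grants(TARGET, filled))
```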

Remove Entities From Workspace Not In Connection

Frequently, there are differences in entities between environments.  Security for an entity cannot be deployed to an environment if the entity does not exist in the target environment.


If you do not use this option prior to deployment, and there are entities in the workspace that do not exist in the target environment, you will get an error upon deployment.  The problem is that the Salesforce error only specifies the first missing entity, which results in a tedious process of deleting one row at a time.  This feature was developed to avoid this tedious process.


IMPORTANT!  It is recommended that you back up the workspace using the Export CSV File function prior to using this function because this feature deletes rows from the Workspace.


Once the workspace is configured and ready for deployment, connect to the target environment.  Select this option to delete rows in the workspace that do not exist in the target environment.

Add Missing Objects to Workspace From Connection

When a Profile is inserted into an environment, the Salesforce profile creation process starts by cloning the "Standard" profile.  The permissions you specify in Security Zen for your new profile are then applied on top of the cloned "Standard" profile.  This can lead to some unexpected results!


This function addresses this issue by adding a row in the workspace for each Object in the connected Target environment not already listed in the workspace.  For Profiles that do not exist in the Target environment, Objects added will have the N value to indicate no access.  For Profiles that already exist in the Target Environment and for Permission Sets, Objects added will have a Blank value to not change the permission in the target environment.


IMPORTANT!  Not all objects are listed in the Configure window and therefore not all objects may be added using this function.  Work.com objects are known to not be included, but there may be others depending on your particular environment.  Always check the final permissions in Salesforce to ensure the desired permissions have been assigned.


Once the workspace is configured and ready for deployment, connect to the target environment.  Select this option to add Object rows in the workspace that exist in the target environment, but are not yet specified in the workspace.

Highlight Environ Diff

If you have retrieved the same Profiles or Permission Sets from different environments, this feature highlights the differences.  Select this option to highlight the differences and then select this feature again to remove highlighting.  This only highlights differences between Profiles or Permission Sets that have identical names.

Note that highlighting is based on the cell values at the time this function is selected.  Highlighting is not modified by subsequent changes to cell values.  If you modify cell values, you will need to de-select and then re-select this option.

Hint: Use this feature in conjunction with the Workspace Actions -> Sort Columns -> Name->Conn->Type feature to provide a side by side comparison of Profiles and Permission Sets by environment.

Reset Values

This resets cells to the values that were last retrieved or imported.

Clear Workspace

This clears out the workspace of all data.

Import CSV File...

This imports a CSV file into the workspace.  The CSV file must be formatted appropriately with Types, Names, Security File Names and Cell Values.  Try Exporting a CSV file to see the appropriate formatting.

Export CSV File...

This exports a CSV file from the workspace.


Import Metadata...

Imports Metadata XML files into the workspace by selecting a folder which must contain subfolders named "profiles" and/or "permissionsets".  Profiles and Permission Sets must be contained in the appropriately named subfolders.  The XML files must be formatted properly.


After selecting a folder, you may select which types of entities to import.  Only security features supported by Security Zen will be imported.


Try exporting Metadata files to see the appropriate formatting.  


* Import Metadata feature is only available for Security Zen Masters.

Export Metadata...

This exports Metadata XML files from the workspace.


* Export Metadata feature is only available for Security Zen Masters.

Workspace Context Menu

Select multiple cells and right click on the selected area to access the Workspace Context Menu.

Hide Row(s)

Hides the selected rows.

Hide Column(s)

Hides the selected columns.

Delete Row(s)

Deletes the selected rows.

Delete Column(s)

Deletes the selected columns.

Freeze Column(s)

Freezes the selected columns and all columns to the left of the selected columns.



List Users*

This option is only available when right clicking on a column header.  Provides a list of users with the selected profile or permission set.


*  "List Users" feature is only available for Security Zen Masters.

Copy to New Permission Set

This option is only available after you have selected cells from a single Profile, and then right click.  You will be prompted to provide a Name, Label and Description for a new Permission Set based on the selected Profile.


Select "Ok" to create the new Permission Set which will be added as a new column in the workspace.  Entity permission values will be copied from the Profile to the new Permission Set with the following modifications:


Tab:

  • Default On -> Visible
  • Default Off -> Available
  • Hidden -> None


Record Types:

  • Default -> Visible


Other entities will be copied with the same values as the source Profile.


Only retrieved entities will be copied.  Entities not retrieved or not supported by Security Zen such as, but not limited to, Application Permissions and Custom Permissions will not be copied.


You must "Deploy" the new Permission Set to Salesforce in order to create the new Permission Set in Salesforce.  Be sure to specify a new unique name for the Permission Set.  When you go to deploy the Permission Set, you should be prompted that you are "inserting" the Permission Set instead of "updating" an existing Permission Set.  If you are prompted that you are "updating" the Permission Set, then the Name of the Permission Set is not unique.


IMPORTANT:  Note that some differences may be introduced based on dependency requirements and differences between Profile and Permission Set structures.  It is recommended that after deploying the copied Permission Set to Salesforce, a detailed comparison is performed between the original Profile and the copied Permission Set to identify any modifications introduced during deployment.

Merge to New Permission Set

This option is only available after you have selected cells from multiple Permission Sets, and then right click.  You will be prompted to provide a Name, Label and Description for a new Permission Set based on the selected Permission Sets.


Select "Ok" to create the new Permission Set which will be added as a new column in the workspace.  Entity permission values will be merged based on the selected Permission Sets to the new Permission Set.  Two Merge approaches are available:

  • OR: New Entity Permission is the highest permission granted from any of the source Permission Sets 
  • AND: New Entity Permission is the highest permission granted by all of the source Permission Sets


For Example, if merging two permission sets where one grants Read access to a field and the second grants Edit access to the same field, then the new Permission Set will have the following access:

  • OR: Edit access because this is the highest permission granted by any of the source Permission Sets
  • AND: Read access because all source Permission Sets grant this access
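The two merge approaches, worked through in code as an added example (not Security Zen's own implementation). It covers only Field and Object cells; the Field ordering Blank < Hidden < Read < Edit and the treatment of Object letters as sets (union for OR, intersection for AND) are assumptions, and the sample Permission Sets are constructed.

```python
# Added illustration of OR / AND merging; not Security Zen's own code.
# Assumptions: the Field ranking below, and Object cells merged as letter sets.

FIELD_RANK = {"": 0, "H": 1, "R": 2, "E": 3}   # assumed: Blank < Hidden < Read < Edit
OBJECT_ORDER = "CREDVM"                        # letter order the page uses for full access

# Constructed sample Permission Sets: {(type, name): cell value}.
PS_SUPPORT = {("Field", "Account.Rating"): "R",
              ("Field", "Account.Phone"): "E",
              ("Object", "Account"): "CRE"}
PS_SALES = {("Field", "Account.Rating"): "E",
            ("Object", "Account"): "RED"}


def merge_field(values, mode):
    """OR keeps the highest level any source grants; AND the level all sources grant."""
    ranks = [FIELD_RANK[v] for v in values]
    chosen = max(ranks) if mode == "OR" else min(ranks)
    return next(k for k, r in FIELD_RANK.items() if r == chosen)


def merge_object(values, mode):
    """Treat each Object cell as a set of letters; 'N' and Blank grant nothing."""
    sets = [set(v) - {"N"} for v in values]
    merged = set.union(*sets) if mode == "OR" else set.intersection(*sets)
    return "".join(c for c in OBJECT_ORDER if c in merged)


def merge_columns(columns, mode):
    """Merge whole columns; an entity missing from a source counts as Blank."""
    merged = {}
    for key in sorted(set().union(*columns)):
        values = [col.get(key, "") for col in columns]
        merger = merge_object if key[0] == "Object" else merge_field
        merged[key] = merger(values, mode)
    return merged


if __name__ == "__main__":
    for mode in ("OR", "AND"):
        print(mode, merge_columns([PS_SUPPORT, PS_SALES], mode))
```

Under AND, an entity that is Blank in any one source comes out Blank, which is why `Account.Phone` drops out of the AND result.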


If the source Permission Sets are associated with different Licenses, you will be prompted to select one of the Licenses to associate with the new Permission Set.  If this occurs, be advised that not all entities are available with all license types.  Deployment may fail if you select a license that does not include the selected entities.  Use caution when merging Permission Sets with different license types.

 

You must "Deploy" the new Permission Set to Salesforce in order to create the new Permission Set in Salesforce.  Be sure to specify a new unique name for the Permission Set.  When you go to deploy the Permission Set, you should be prompted that you are "inserting" the Permission Set instead of "updating" an existing Permission Set.  If you are prompted that you are "updating" the Permission Set, then the Name of the Permission Set is not unique.