Oops!! Whats wrong with my Sharing ...

First time while I was preparing for my Administration Exam I watched this video “Who Sees What: Overview on salesforce” (https://www.youtube.com/watch?v=jDYfTfaqclk )… I was very impressed!   Later while working hands on I realized things can get really messy and could easily go out of hand if we don’t really keep strong strategy and control.

Too many roles, too many sharing rules, complex Account teams, too many permission sets, these all could lead to loss of control on data visibility aspects in your Org. It is advisable to administer the sharing with strong change management process in place.

Who Sees What in Salesforce is fine, but when we come across a situation where we need to figure out why a particular entity, record or a field is being visible / editable by some other user – how should we approach such problem statement ?!

Recently in one of our engagements, post data migration – we had this exact issue to solve.  Client said that a particular USER was not supposed to see other account information, whereas when we simulate and log in behalf of the USER, we could see much more accounts than he / she we thought should be seeing in actual!

Now, Is there a logical way to solve or get to the root cause of these kind of sharing issues!  Let’s check out. I am considering an ACCOUNT record visibility issue for illustration here:

PROFILE / PERMISSION SETS

Profile / Permission set controls CORE CRUD permissions for Object as well as Fields, so let’s say this is bit easy.  Hence let’s focus more on Record visibility, ability to read or edit the records of some other user which is where a lot many permutations / combinations are possible!

OWNERSHIP:

 Is the USER in question is actually the current owner of the Account record? check for this first

DEBUG LOGS:

Ok – Shall I enable Debug logs? And trace the log for any clue?!  -- Nopes, this won’t help.  In salesforce the sharing reason is not revealed via debug logs …

OWD:

 Hey!! What about OWD? Is it Public Read-only / Public Read write already? If yes, then you already got your answers… else if OWD = private, keep checking further…

SHARING RULES (Public group, Role, Role/Subordinate, Queue):

Is there any Sharing rule on Account? Is sharing rule based on Public group? Or Role and its subordinates? If yes, then quickly see if the USER in question is part of Public group!?   Or see if the Sharing rule is directly sharing to a particular ROLE?  Or Access is rolling up the hierarchy?  Or sharing rule is for ROLE+Sub-ordinates?!    If No sharing rule is found, then move on…

SHARING RULE OVERRIDE:

See if there are any Sharing rule over-ride?  I.e. exactly PROFILE / PERMISSION SET with VIEW ALL / MODIFY ALL permissions?!  Permission set - not associated either.

ACCOUNT TEAM:

Account team – is a feature to enable users with different level of access on a particular Account so they can work as a team, hence check if the USER in question is part of Account team?! Or at-least see if any of the Account team user is beneath this USER in the ROLE hierarchy? Or   if the USER is manager of the Account team member?!

ACCOUNT TEAM MEMBER / ACCOUNT SHARE:

You may use Workbench to query the Accounteammember entity along with AccountShare entity to see which all entities are shared with this USER and in what level?! I.e. READ / EDIT?

Did you get to root cause yet?! else keep continuing …

ACCOUNT SHARE (Implicit, Manual, Owner, Team):

When you search on Accountshare – some sharing reason will be due to IMPLICIT permission, which means - because the USER is the owner of some of the child entities (i.e.  if USER is owner of Contact , then implicitly this USER will have READ access on the Account to which his Contact is linked to ),  same applied b/w Opportunity and ACCOUNTs

APEX SHARING:

Code based sharing is possible, however this is more of invoking a Class as system user or as a specific user and execute a logic

SHARING SETS:

If you are dealing with Communities user – better to check Sharing sets to see if there are any sharing b/w external users to internal users?!

OWD RECENT CHANGES:

See if someone changed OWD recently? This might lead to re-calculation of sharing – but at times, this will take more time.  This might have led to USER ability to see the record.

SFDC SUPPORT:

Are you tired, still not able to figure out root cause, raise a SFDC case and hope for some help!

Dear readers, IF you find any points above are technically incorrect, plz shout back – I shall revisit those points,  also if you have some more additional investigative tips, kindly do share through your valuable comments.  Knowledge is worth sharing… 

                                                                *THANKS YOU*

Migrating into Salesforce !

Data Migration (into Salesforce)

It’s been sometime I got any topic to blog about... finally, today made firm mind to write my understanding and opinion around data migration (from Legacy CRM into Salesforce), hope you find it informative and adoptable.

Data migration projects are generally effort intensive & demands meticulous planning and control, there needs to be SME from both legacy CRM and Salesforce side who understand not only the functionality but have thorough understanding of data model of each systems.

Where and how to start?

1. Aligned Data migration timeline with that of E2E overall project plan.

2. Understand when the existing legacy CRM licenses are going to expire

3. Discuss with the stakeholders around when they want the migrated Salesforce data to be available for user testing

4. Discuss and decided data volumes, dates when the legacy CRM can be freeze, the attachments volumes to be loaded, etc.

Ideally, starting with a data migration plan and Strategy is recommended.

Strategy should go to good amount of details such as 

Exact scope of data migration, Volumes, Dates of imp milestones, Tools being used, Out-of-scope, The migration approach, Environments that will be used for migration, whether it’s big-bang migration or not,  How many rounds of testing will be performed, RACI matrix, Assumptions, dependencies, testing approach, etc.

From Salesforce perspective, the proven and stable migration approach would be as depicted below:

Legacy CRM   -->    Staging Area (with two data model)    --> Salesforce

Staging area can typically have two data model created (one which reflects the entities and relationships as per Legacy CRM) and (another which reflects the entities and relationships of Salesforce CRM)

Use the Staging area to apply Cleansing, De-Duplication, Enrichment, transformation and other business and archival rules and load the records into Staging area (SFDC data model).  This way, the final CSV file which is generated from Staging area (SFDC data model) will be nearly identical or perfectly ready for Salesforce team to upload using any data loader tools

On legacy CRM - One can use Sql loader or other tool based on the type of database (Oracle, MS, and IBM)

On SFDC CRM - if data volume is low - one can use Data Import wizard, Apex Data loader, Jitter bit, dataloader.io, Informatica data wizard, and many more.

Below is a SFDC suggested order of migrating the entities:

0. Users

1.  Accounts

2.  Campaigns

3.  Contacts

4.Opportunities

5.  Cases

6.  Solutions

7.  Price books

8.  Products

9.  Leads

10.Contracts

However the Order of above entities might change from one project to another depending on the existing relationship in legacy CRM but overall the order is as given above.

Some more tips:

§  As you move in additional data into your Salesforce instance, keep a watch on the space you are consuming. In case you are reaching your permitted space limits, it is time to call your Salesforce representative to purchase additional space

§  It is important to plan out the data migration. The users should be informed well in advance about the cut-off date, and possible issues that may happen. Also it is always a good idea to have a few pilot users available to test over the weekend in which a major data migration is planned.

§  It is also import to do sanity testing directly in Salesforce. Login as different types of users, and view a few records of different objects. Compare these same records manually with the original system. Although many tools are available, there is no replacement to manual verification when testing data migration

§  From a developer perspective it is important to plan/provide sufficient time for testing the results of data migration before you roll out the instance to users. Just because the data loader has executed without any errors does not mean that the migration is complete. Use the Developer console to perform basic queries like – total number of accounts of a certain record type, number of accounts without any contacts, number of accounts owned by user XYZ etc.

§  You need to evaluate if all the workflows and triggers of the impacted objects should be disabled before uploading data. Often there are active workflows that send emails to customers when certain stage is reached

§  It is easier to remove duplicates from a spreadsheet than merging them in Salesforce.

§  Use the Excel Connector or Apex Data Loader and V-lookup to compare new records against existing records before importing. 

§  Lookup Relationship-– > By Changing settings to “Clear the value of the field”

§  Master-Detail Relationship –> Sort Salesforce or External ID by ASC or DESC order to prevent record locking

§  Map the External Id for future traceability

§  For reports and dashboards to work on Salesforce just the way they did on legacy CRM, it’s a good idea to enable the Audit fields in Salesforce where CREATED BY and CREATED DATE system fields can be edited via data loader during migration, this way the Created by user on Salesforce for the records will be exactly same as the one in your legacy CRM.  This will help in your OWD, Sharing rules to work seamlessly even after migration.

THANK YOU -- TJ

Salesforce Spring 16 features @ a glance

Its time to take a look @ our favorite Salesforce release features - due on your sandboxes / production later January/Early February in 2016.  below is sneak peak of Top 7 features for you.

For full documentation - refer https://resources.docs.salesforce.com/200/latest/en-us/sfdc/pdf/salesforce_spring16_release_notes.pdf


Top inspiring features are highlighted in BLUE font below ...

Sales Cloud:

Offline for Mobile
Enhanced Charts in Salesforce 1
Customized Left Hand Navigation
Composer
Campaign and Person accounts in Lightning

Salesforec IQ for SME:

Spend Sales Reps time where it matters the most.

Sell smarter from Anywhere.

 

Service Cloud:

Work Orders for Field Service

Multi-Component Assets

SOS for Android

Salesforce 1 Mobile Knowledge

Group and files in Community templates

 

 

Marketing Cloud:

Predictive Journeys

Data Stream for Marketing cloud connector

Rich Messaging for group connect

Instagram Ads Management

Workbench for Social Studio

 

 

App Cloud:

Heroku Enterprise

Two-Factor Authentication

Event Monitoring transaction security

Wave Analytics for Event Monitoring

Process Builder Drag and Drop Criteria

 

 

Analytics Cloud:

Wave analytics for community

Wave flex dashboard designer

Sales Wave pipeline trending

Enhanced Lightning reports and charts

Admin access to personal folders

 

 

Community cloud:

Chatter in community templates

Lightning dashboards in community management

Page manager in community builder

Rich feed in community templates

shield for communities

 

Types of Orders

Order Management

Types of Orders

ADD ORDER -

ADD Order or Install Order is mostly referred to as a New Provide which means a fresh new order for a customer. Add Order is also sometimes referred to as an order in which a new product is added to the existing subscription of a customer. 

MODIFY ORDER -

     As the name suggests MODIFY order / CHANGE order is an order created in system when there is any change with respect to quantity, no of users, no of licenses, bandwidth, volume limits or any other technical / commercial attributes in a product under an existing subscription. 

IN-FLIGHT ORDER -

This is not exactly an order but a process which allows the Agents to make changes in the ongoing order (of any type - ADD / CEASE / Modify) which has passed the point of no return in the E2E order fulfillment journey but not yet activated. 

CANCEL ORDER -

Cancellation is a process of cancelling an ongoing order before the Point of No-Return.  (E.g. User has placed an Order for Broadband connection and the Communication provider has just started Feasibility check while the End customer requests to CANCEL his/her order).

CEASE ORDER -

Cease orders are used to cease (stop / terminate) the existing active subscription of a customer when the customer decides to discontinue an active service. 

SUSPEND ORDER -

Suspension as the term indicates is a temporary disconnection associated with Start/End date with the suspension reason. Suspension can be due to non-payment of bills/invoices or End customer is temporarily out of station and hence requested to keep the Asset (or even an on-going order) under Suspension with future resumption date.

CANCEL CEASE ORDER -

Cancellation is a process of cancelling an ongoing CEASE order before the Point of No-Return. (E.g. End customer requested a Termination of his Asset however before the termination could be completed, End customer has requested to keep the Connection / product intact and not to terminate/cease).

MOVE ORDER -

      Move order is the process of moving the subscriptions/services to a different or same Installation Address. However the account (customer) is the same which means you are moving the services to a different installation address for the same customer. 

TAKEOVER ORDER -

Takeover is the process of moving the subscriptions/services a customer (Account: Source) has to some other customer (other Account: target). Thus the subscriptions and service are taken over. Each customer is associated with a number of Billing Accounts. Hence, there is Billing Account change as well (when Customer is changed).

E.g. Takeover orders are basically administration orders which are initiated when the customer wants to change the Account of an active subscription. For Example, today I am staying in Paris 31/802 on rent and tomorrow Mr. X replaces me now in order to get the name changed on the bill/system and also the linked billing account, I will inform the service provider that Mr. X has taken over my subscription.  In such a case, a takeover order will be initiated in the system by an advisor where he/she will change the customer account and the billing account of an active subscription. If the new customer account does not exist, it shall be created prior initiation of the takeover.

INVOICE SWITCH -

Invoice switch is a process of only changing the Billing Account (Consider an Enterprise Customer having multiple billing accounts) of the Subscriptions/Services keeping the Account/Customer same.

For Ex, if company decides to pay my bill, I will ask for an Invoice Switch to the company billing account J. In this case the subscription is still registered on my name but the bill is paid by another customer i.e. Infosys.

Apart from above basic definitions, kindly note below processes / activities are quintessential aspects while dealing with any kind of Orders.

1.      Technical Intervention involved for these orders?

2.      Onsite Visit involved?

3.      Behavior of promotions for these orders.

4.      Impact on the bill.

5.     Level of access for these orders. (Not everyone can initiate every kind of order in system. This  becomes an important aspect when designing the security model in CRM)