Concepts of delegated administration
Let's start with an example where TCS has 5,000 Salesforce Enterprise Edition licenses, and they have only one system administrator. The system administrator receives ample requests to reset the password, change login hours, unlock users, or change their sharing settings daily. To reduce this, the system administrator can go ahead and set up a delegated administrator, so that any other user who is a delegated administrator can help with the workload.
The delegated administrator is a concept that extends certain admin privileges to non-admin users in order to allow them to perform admin functions. The actions that delegated administrators can perform include the following:
User administration: For the named roles and their entire subordinate roles, delegated administrators can create and edit users and reset passwords, as well as unlock users in named roles. Delegated users can also log in as users who have granted login access to their administrator. They can also do quota settings, create default teams, and create personal groups.
Assignable profiles: The delegated administrators can assign only the profiles granted to the delegated administrator.
Custom object administration: Access can be granted to delegated administrators to serve as administrators for certain custom objects and their associated tabs only.
Setting up a delegated administration
To set up a delegated administration for your organization, follow these steps:
1.Navigate to Setup | Administer | Security Controls | Delegated Administration.
2.Click on New as shown in the following screenshot:
3. It will redirect you to a New Delegated Group window, where you have to enter data in the Delegated Group Name field as well as optionally select the Enable Group for Login Access checkbox. The details of each field are as follows:
·Delegated Group Name: This specifies the group name.
·Enable Group for Login Access: This option is selected if you want to allow the delegated administrator to log in as a user belonging to the role hierarchy that they manage.
4. Click on Save; this will redirect you to the Delegated Group Detail page. This will look like the following screenshot:
5. After creating the delegated user group, you have to do a few tasks, defined as follows:
Delegated administrators: You can add users to this group who are a part of the delegated administrator group. To do this, click on the Add button available on the list related to Delegated Administrator; it will redirect you to a new page and add users (click on the magnifying glass icon) as per your business requirement. Once done, click on Save:
User Administration: Now, you have to specify the roles and subordinates that the delegated administrators can create and edit. To do this, click on the Add button available in the list related to Role Administrator; this will redirect you to a new page and add a role (click on the magnifying glass icon) as per your business requirement. Once done, click on Save:
Assignable Profiles: Here, you can specify the profiles of the delegated administrators of this group and these can be assigned to the users they create or update. To do this, click on the Add button available on the list related to Assignable Profiles; this will redirect you to a new page and add assignable profiles as per your business requirement. Once done, click on Save:
Delegated administrators cannot assign profiles with the permission Modify All Data, such as system administrator profiles.
Custom Object Administration: In this section, you can specify the custom objects that the delegated administrators of a group can administer. To do this, click on the Add button found on the list related to Custom Object Administration; it will redirect you to a new page, and here, you can add custom objects (click on the magnifying glass icon) as per your business requirement. Once done, click on Save:
Now, you are done with the delegated administrator settings. You can change these settings any time by navigating to Setup | Administer | Security Controls | Delegated Administration.
These changes are captured under View Setup Audit Trail. If you need to check the Audit Trail for these changes, navigate to Setup | Administer | Security Controls | View Setup Audit Trail. Finally, our delegated administrator page will look like the following screenshot:
Thanks for reading....