Access Management
GRAX controls access levels via Permission Set assignments. At the bottom of this document, those permission sets are explained and broken down, but let's first cover what the resultant access would look like for users. Below is a summary of each high-level GRAX feature, and how access levels interact with them.
Access Level | Dashboard | Search | Archive | Restore | History Stream | Settings |
---|---|---|---|---|---|---|
Admin User | View | View and Configure | View and Run | View and Run | View and Configure | View and Configure |
Power User | View | View | View and Run | View and Run | View | None |
Standard User | View | View | View | View | View | None |
To summarize the main differences between these 3 access levels:
- Admin User can see and do everything
- Power User has nearly the same access as Admin User, but cannot see
Settings
and cannot configure objects for Search or History Stream - Standard User also cannot see
Settings
and cannot configure objects for Search or History Stream. Is view only for anything else.
You can find a call-out in the GRAX navigation menu stating the current logged in user's access level.
Controlling Access
Any user that wants to access GRAX must first have the proper Salesforce permission set assignments. There are 2 supported ways to assign Salesforce permission sets.
Use Permission Sets Already Installed Via GRAX for Salesforce
These permission sets are installed when you install the GRAX Managed Package for Salesforce. They control user access within the managed package, as well as within the GRAX webapp and embedded experiences.
Managed Package Salesforce Permission Set | Standard User Access | Power User Access | Admin Access |
---|---|---|---|
GRAX_Configuration_Admin | ![]() | ![]() | ![]() |
GRAX_Advanced_User | ![]() | ![]() | |
GRAX_User | ![]() |
Manually Create Permission Sets Without Managed Package
Running GRAX without the managed package is possible, but requires light manual effort to create resources that would otherwise be automatically created. You can create brand new permission sets with the exact names shown below to achieve a level of access management without the Managed Package.
Each of these maps to permissions and access granted by one of the Managed Package permission sets, as below:
Salesforce Permission Set API Name | Standard User Access | Power User Access | Admin Access |
---|---|---|---|
GRAX_Console_Admin_User | ![]() | ![]() | ![]() |
GRAX_Console_Power_User | ![]() | ![]() | |
GRAX_Console_Standard_User | ![]() |
The following script can be used to create the 3 GRAX Permission Sets using the Salesforce Developer Console:
- Open the Salesforce Developer Console
- Open the
Debug
menu - Select
Open Execute Anonymous Window
(or pressCTRL + E
) - Copy the script below into the
Enter Apex Code
dialog - Select the
Open Log
checkbox - Click
Execute
PermissionSet pa = new PermissionSet(Name = 'GRAX_Console_Admin_User', Label = 'GRAX Console ADMIN Permission', Description='Grants users ADMIN permission(s) in the GRAX Console');
insert pa;
PermissionSet pp = new PermissionSet(Name = 'GRAX_Console_Power_User', Label = 'GRAX Console POWER Permission', Description='Grants users POWER USER permission(s) in the GRAX Console');
insert pp;
PermissionSet pu = new PermissionSet(Name = 'GRAX_Console_Standard_User', Label = 'GRAX Console Permission', Description='Grants users access to the GRAX Console');
insert pu;
Field Level Permissions
In addition to the Access Levels above, GRAX applies field level permissions to all users logged in via SSO. This means you can restrict what fields they see in the GRAX webapp the same way you'd do for any Salesforce user. The "View All Fields" modifier allows a user to see add fields on an object in GRAX, regardless of their Salesforce Field Level Security or the current object schema.
The following script can be used to create this GRAX Permission Set using the Salesforce Developer Console:
- Open the Salesforce Developer Console
- Open the
Debug
menu - Select
Open Execute Anonymous Window
(or pressCTRL + E
) - Copy the script below into the
Enter Apex Code
dialog
PermissionSet pv = new PermissionSet(Name = 'GRAX_View_All_Fields', Label = 'GRAX View All Fields', Description='Grants users access to view all fields in GRAX regardless of their Field Level Security permissions');
insert pv;
Next Steps
To proceed with connecting GRAX to Salesforce and your storage platform of choice, start with our connection documentation.
Updated 6 days ago