Configuring Profiles in Salesforce: A Complete Guide


In Salesforce, Profiles play a critical role in determining what users can see and do within the platform. Whether you’re an admin, developer, or consultant, understanding how to configure profiles effectively is essential for maintaining security and ensuring the right user experience. 

📌 What Is a Profile in Salesforce? 

A Profile in Salesforce is a collection of permissions that defines what a user can access and perform within the system. Every user in your org must be assigned a profile at the time of user creation—this is a mandatory requirement. Additionally: 

  • A user can be assigned only one profile. 
  • A user can be assigned only one role. 

🧩 Types of Profiles in Salesforce: 

Salesforce offers two main types of profiles: 

  1. Standard Profiles 

These are pre-built profiles provided by Salesforce. They come with default settings and permissions. 

Examples: 

  • Read Only 
  • Standard User 
  • Salesforce Platform User 
  • Authenticated Website 
  • Custom: Sales, Custom: Marketing, Custom: Support 

Key Notes: 

  • Standard profiles cannot be deleted. 
  • Their settings can be changed only to a limited extent. 
  • Best Practice: Clone a standard profile to create a custom one instead of modifying it directly.

  2. Custom Profiles

These are profiles created by an admin or developer to suit specific business needs. 

Highlights: 

  • You can clone any existing profile (standard or custom) to create a new one. 
  • Fully customizable—you can modify all permissions. 
  • Can be deleted if not assigned to any user. 

📌 Note: Every profile must be associated with a license type. 

🛠 How to Create a Custom Profile 

Steps: 

  1. Navigate to Setup.
  2. Go to Manage Users > Profiles.
  3. Click on New Profile.
  4. Enter the Profile Name.
  5. Select a License Type.
  6. Choose a profile to clone from.
  7. Click Save.

🔧 What Can Be Configured in a Profile? 

Here’s a breakdown of key features and settings you can configure within a profile: 

  1. App Visibility

Define which apps are visible to users and set the default app.

  2. Tab Settings

Configure the visibility of tabs:

  • Default On: Always visible.
  • Default Off: Hidden by default but can be added.
  • Tab Hidden: Completely hidden.

  3. Record Type Visibility

Control which record types are available to users and set a default record type.

Use Case: Allow all Salesforce users to create Account records without record type selection—just set the Master record type as default.

  4. Object Permissions

Specify which objects (standard or custom) users can access.

  5. Object-Level Operations

Set the level of access on each object:

  • Read
  • Create
  • Edit
  • Delete
  • View All: View all records, regardless of ownership.
  • Modify All: Edit/delete all records.

🔐 View All and Modify All override Organization-Wide Defaults (OWD).

  6. Page Layout Assignments

Determine which page layouts users will see.

  7. General Permissions

Grant user-level settings like “Export Reports”, “Mass Email”, etc.

  8. Administrative Permissions

Assign high-level controls like “Modify All Data”, “Customize Application”.

  9. System Permissions

Control deeper access like “API Enabled”, “Manage Users”, “View Setup and Configuration”.

  10. Session Timeout Settings

Set how long a session can remain idle:

  • Options: 15 min, 30 min, 1 hr, 2 hr, 4 hr, 8 hr, 12 hr

After inactivity, users will be logged out and redirected to the login screen.

  11. Apex Class Access

Specify which Apex classes users can execute.

  12. Visualforce Page Access

Control access to Visualforce pages.

  13. Password Policies

Enforce secure password standards:

  • Complexity
  • Length
  • Expiration
  • History
  • Lockout after failed attempts
  • Re-activation periods

  14. Login Hours

Define when users can access Salesforce.

If a user is active beyond allowed hours, the system switches to Read-Only Mode, preventing DML operations (Create/Edit/Delete).

  15. Login IP Ranges

Restrict access based on trusted IP ranges. 

Two ways to apply IP restrictions: 

  • Profile Level: Specific to a group of users. 
  • Org-Wide: Via Setup > Security Controls > Network Access 
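
To review these settings across many profiles, the added example below (not part of the original guide) reads a profile in Metadata API XML form and flags the items this section calls out: View All / Modify All per object, sensitive system permissions, and a profile with no login IP ranges. The sample XML is constructed, and the SENSITIVE list and function names are assumptions to adjust per org.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
# Assumed review list: API names of permissions the guide names as high-impact.
SENSITIVE = {"ModifyAllData", "CustomizeApplication", "ManageUsers", "ApiEnabled"}

# Constructed sample profile metadata, not taken from a real org.
SAMPLE_PROFILE = """<Profile xmlns="http://soap.sforce.com/2006/04/metadata">
  <objectPermissions>
    <allowRead>true</allowRead>
    <modifyAllRecords>false</modifyAllRecords>
    <object>Account</object>
    <viewAllRecords>true</viewAllRecords>
  </objectPermissions>
  <objectPermissions>
    <allowRead>true</allowRead>
    <modifyAllRecords>true</modifyAllRecords>
    <object>Case</object>
    <viewAllRecords>true</viewAllRecords>
  </objectPermissions>
  <userPermissions><enabled>true</enabled><name>ApiEnabled</name></userPermissions>
  <userPermissions><enabled>false</enabled><name>ModifyAllData</name></userPermissions>
  <userPermissions><enabled>true</enabled><name>RunReports</name></userPermissions>
</Profile>"""

def _is_true(node, tag):
    """True when the child element <tag> holds the text 'true'."""
    return node.findtext(f"md:{tag}", default="", namespaces=NS).strip().lower() == "true"

def audit_profile(xml_text):
    """Return sorted findings for one profile metadata document."""
    root = ET.fromstring(xml_text)
    findings = []
    # System/administrative permissions that are switched on.
    for perm in root.findall("md:userPermissions", NS):
        name = perm.findtext("md:name", default="", namespaces=NS).strip()
        if name in SENSITIVE and _is_true(perm, "enabled"):
            findings.append(f"user permission enabled: {name}")
    # Object-level grants that override OWD for every record of the object.
    for perm in root.findall("md:objectPermissions", NS):
        obj = perm.findtext("md:object", default="", namespaces=NS).strip()
        for tag, label in (("viewAllRecords", "View All"), ("modifyAllRecords", "Modify All")):
            if _is_true(perm, tag):
                findings.append(f"{label} on {obj}")
    # A profile without loginIpRanges relies only on org-wide network access.
    if not root.findall("md:loginIpRanges", NS):
        findings.append("no login IP ranges on profile")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_profile(SAMPLE_PROFILE)))
```

A retrieved profile file only lists permissions for the components retrieved alongside it, so a missing entry is not proof that the permission is off.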

Setting Up Business Hours (Org-Wide): 

Useful for workflows, case escalations, and SLAs. 

Steps: 

  1. Go to Setup > Company Profile > Business Hours.
  2. Click New Business Hours.
  3. Fill in name, time zone, and working hours.
  4. Click Save.

📝 Final Thoughts 

Salesforce Profiles are a cornerstone of user access and security in any org. By configuring them properly, you ensure that users only see what they need to—and nothing more. For complex orgs, leveraging custom profiles and combining them with permission sets ensures flexibility and security. 

🛡️ Pro Tip: Use permission sets for additional, role-specific permissions without changing the profile. 
