Understanding Salesforce Profiles vs Roles: A Non-Profit Data Analyst Guide

salesforcedata management
Written By Julia
Image of a data analyst guide to the differences between salesforce profiles and roles

Salesforce is my favorite customer relationship management tool due to its sheer flexibility. Many organizations, including non-profits, use it to manage relationships and streamline processes. For admins or data analysts working for non-profits, understanding the difference between profiles and roles in Salesforce is essential to effectively managing data access and Salesforce permissions. As a nonprofit grows, access and permissions will change over time. At the start, it may seem that everyone in your nonprofit should have access to most salesforce records (contacts, campaigns, opportunities, or reports), but eventually, access has to become stricter and stricter. In this post, I will explain the distinctions between salesforce role vs profile, how they work together to enable or restrict user's access, and provide a step-by-step guide to setting them up.

Note: Any Salesforce administrator will also work with Profiles and Roles, but I’m just using the example below to showcase Non-profit scenarios. If you are working in a commercial or private environment, such as Sales Cloud, this article will be applicable to your use case, and equally help you understand these differences.


What is a Salesforce Profile?

Profiles: The Building Blocks of User Permissions

A Salesforce profile is a collection of settings and permissions determining what users can do within the Salesforce environment. Every user in Salesforce must have a profile, which dictates their permissions and access to various features. Profiles control several key aspects:

  1. Object Permissions: Define what users can do with objects (Create, Read, Edit, Delete).

  2. Field-Level Security: Specify which fields are visible or editable.

  3. Record Types: Determine which types of records users can access.

  4. Page Layouts: Control which page layouts users will see (depending on record types too).

  5. Applications and Tabs: Define which apps and tabs are available to users.

  6. Login Hours and IP Restrictions: Set the hours and IP ranges from which users can log in.

Salesforce provides standard profiles, but you can also create custom profiles to meet specific business requirements. Custom profiles are often cloned from existing profiles, which could also be standard profiles, and then modified.

Types of Profiles

Salesforce profiles can be categorized into two main types:

  1. Standard Profiles: Pre-defined profiles provided by Salesforce, such as System Administrator, Standard User, and Solution Manager. These profiles come with a set of permissions that cannot be fully modified but can be cloned to create custom profiles.

  2. Custom Profiles: Profiles created by cloning an existing profile and customizing it to meet specific organizational needs. Custom profiles allow for more granular control over user permissions.

Salesforce Profile Controls

Profiles control various aspects of user access, including:

  • App Permissions: Determine which apps users can access.

  • System Permissions: Control system-level actions such as API access.

  • Tab Permissions: Define which tabs are visible to users.

  • Field Permissions: Specify which fields are visible or editable.

  • Object Permissions: Control the ability to create, read, edit, or delete objects.

  • Page Layouts and Record Types: Determine which layouts and record types users can access.

  • Login Hours and IP Restrictions: Set restrictions on login times and locations.

Common Profiles in the Non Profit World

Profiles that are found across different non profit instances include:

  • Finance

  • Executive

  • API

  • B2B Marketing

  • Chatter

  • Development

  • Community Users

  • Events

  • Limited Access

  • Upper Access

  • Programs

  • Read-Only

  • Standard

  • System Administration

  • Volunteers

Steps to Create a Salesforce Profile

  1. Navigate to Profiles: In Salesforce Setup, enter "Profiles" in the Quick Find box and select it.

  2. Clone a Profile: Click on an existing profile you want to use as a template and click "Clone."

  3. Name and Save: Enter a name for the new profile and save it.

  4. Edit Permissions: Click "Edit" to customize the profile's permissions to suit your needs.

  5. Assign the Profile: Go to the user's settings and assign the newly created profile to them.

What is a Salesforce Role?

Roles: Defining Data Visibility

Roles in Salesforce are designed to increase data visibility for users. Unlike profiles, roles are not mandatory for every user. Roles determine what records users can see in the Salesforce organization, primarily through role hierarchies and sharing rules.

  1. Role Hierarchy: Allows users at higher levels to access records owned by users at lower levels.

  2. Sharing Rules: Define additional record access beyond the role hierarchy.

The organization-wide default (OWD) setting specifies the baseline visibility for records. For example, if the OWD is set to private, only record owners can see their records. Roles and sharing rules can then be used to open up visibility where necessary.

Specific Roles and Their Impact

Roles are crucial in defining record-level access. They help extend the default visibility setting and ensure that users have the appropriate level of access based on their position in the hierarchy. For instance, a sales manager may need access to records owned by sales reps under their supervision. This hierarchical structure is essential for maintaining data security while ensuring that users can access the information they need to perform their jobs effectively.



Role Hierarchy in a Non-Profit

If you need to define a role hierarchy in a nonprofit, you can follow the guidelines below:

  1. Upper Management: This level includes the Executive Director and Chief of Staff or Associate Executive staff.

  2. Senior Management: VP’s or Directors

  3. Mid-level Management: Managers, such as Grant Manager, IT Manager, ect.

  4. Entry Level Associates: Grant writer or Volunteer Coordinator

Steps to Create a Salesforce Role

  1. Navigate to Roles: In Salesforce Setup, enter "Roles" in the Quick Find box and select it.

  2. Set Up Roles: Click "Set Up Roles" to begin configuring roles.

  3. Add a Role: Click "Add Role" under the appropriate parent role.

  4. Define Role Details: Enter the role label and click "Save."

  5. Assign the Role: Go to the user's settings and assign the new role to them.

Use Case: Non-Profit Salesforce Administrator

Let’s walk through a practical use case for a non-profit Salesforce administrator seeking to set up specific user profiles and different roles. 

Setting Up Profiles and Roles for a Non-Profit Data Analyst

Scenario: You are a salesforce admin at a non-profit organization. Your role involves coordinating donor data, generating reports, and ensuring data security. You need different levels of access for different team members, such as fundraisers, volunteers, and executives.

  1. Define Profiles:

    • Fundraiser Profile: Can create and edit donor records, view all reports, but cannot delete records.

    • Volunteer Profile: Can only view donor records and update contact information.

    • Executive Profile: Has full access, including the ability to view, edit, and delete all records.

  2. Define Roles:

    • Role Hierarchy: Executives at the top, fundraisers in the middle, and volunteers at the bottom.

    • Sharing Rules: Ensure fundraisers can see records owned by volunteers but not modify them.

Steps:

  1. Create Custom Profiles:

    • Navigate to Profiles in Setup.

    • Clone an existing profile (e.g., Standard User) and customize it for each role (Fundraiser, Volunteer, Executive).

    • Set object permissions, field-level security, and other relevant settings for each profile.

  2. Create Role Hierarchy:

    • Navigate to Roles in Setup.

    • Set up roles with Executives at the top, Fundraisers in the middle, and Volunteers at the bottom.

    • Define sharing rules to control data visibility based on the role hierarchy.

  3. Assign Profiles and Roles:

    • Assign the appropriate profile to each user based on their role.

    • Assign the relevant role to each user to ensure they have the correct data visibility.

Best Practices for Managing Profiles and Roles

  1. Regular Reviews: Periodically review and update profiles and roles to ensure they still meet business needs.

  2. Minimal Access Principle: Grant users the minimum permissions necessary to perform their jobs.

  3. Use Permission Sets: For additional permissions that do not warrant a new profile, use permission sets to grant specific access.

Understanding Permission Sets

Permission sets are additional permissions that can be assigned to users on top of their profiles. They are useful for granting specific permissions without creating a new profile. Think about them as expanding the view of someone with binoculars; they can see farther than what most people in their position are allowed to see. You will receive permission sets also externally every time that you install a new package or application.

Steps to Create a Permission Set

  1. Navigate to Permission Sets: In Setup, enter "Permission Sets" in the Quick Find box and select it.

  2. Create a New Permission Set: Click "New" and enter a name for the permission set.

  3. Define Permissions: Customize the permissions as needed.

  4. Assign the Permission Set: Go to the user’s settings and assign the permission set to them.

Salesforce Trailblazer Community

The Salesforce Trailblazer Community is an excellent resource for learning more about managing profiles and roles. It provides access to a wealth of knowledge, best practices, and a supportive community of Salesforce users who share their experiences and hard-earned knowledge. 

If you want to explore the technical language of all of this, you may find that information in these salesforce help articles here and here. 

Understanding the differences between Salesforce profiles and roles is crucial for managing data access and permissions effectively. Profiles control what users can do, while roles control what users can see. For non-profit salesforce administrators and data analysts, leveraging these tools appropriately can enhance data security and streamline operations.

By following best practices and regularly reviewing your setup, you can ensure your Salesforce environment remains secure and efficient. Remember, profiles and roles are designed to work together, providing a comprehensive security model that meets your organization's needs. Whether you are assigning profiles to new users or configuring specific roles for your team, these steps will help you maintain a robust and secure Salesforce environment.

Julia

Hi! I have always been a busy bee. But when I found myself juggling love, work, family and 1,000 more things, I felt like failing. I was burned out. So I began to take care of each item, though a focused approach with fitness and a healthy mindset. My life was transformed. I lost weight that I had been carrying for ages! I acknowledged my self worth and my love life blossomed. I’m in the best shape of my life at 43! And I want that same transformation for you too.

Previous

Difference between Data Loader and Import Wizard in Salesforce: A Use Case for Non Profits