Our NGO client is a group of non-governmental organizations, from international to local and national NGOs. Together, they aim to transform the global humanitarian system by addressing issues like centralized power and decision-making, slow funding, and a refusal to evolve. By improving on these areas, they are hoping to refine how people in need receive help.
The NGO had no Salesforce technical staff and only had one consulting partner. So they enlisted Application House's help with several administrative tasks like creating users & inactivating users on Salesforce. The successful and effective manner in which we completed the project became their basis for enlisting our help again for other tasks.
Because the NGO Client did not have the right technical people for Salesforce, several issues arose. While they did have a consulting partner, the problems required intricate knowledge of the platform. As such, the issues just stacked up as they were left unresolved. One of these issues revolves around security.
Salesforce Optimizer, the app in Salesforce that spots issues that need to be quickly solved showed an error prompt on the Default External Access of several objects set to Public Read/Write. This access setup means external and self-registering users can view and edit our client's records in those objects.
Now, Application House expressed the danger of such settings and advised them to shift the Default External Access to Private.
The client is adamant, however, about keeping the objects to Public Read/Write because they want the members of their external community to continue accessing the data in the platform.
Application House expressed the danger of such settings and advised to shift the access to private. our client, however, was adamant about keeping the access as Public Read/Write because they had a community page where they wanted members to continue accessing the data.
Instead of individual Salesforce licenses, as such were expensive, Our client created a community for its members. It was the more affordable option. Now, they wanted to give members access to data, similar to the Default Internal Access. That is why they had the Default External Access set to Public Read/Write. The task for Application House was to toggle the Public Read/Write to Private but grant the members continued access to the data.
There was more to the solution than just simply selecting Private for the Default External Access. Because our client wanted to retain the access of its community members, Application House dived deeper for the correct answer.
Application House downloaded all the objects set to Public Read/Write under the Default External Access and proceeded with several discovery sessions with our client to answer questions like:
Analyzing why they had the Default External Access set to Public Read/Write puts Application House in the right direction. Because part of the task was to give access to specific users--the community members--the team had to know the users and the data required.
Second Step
After Application House understood our client's story, the team set the Default External Access from Public Read/Write to Private.
Third Step
The next thing to do is to go by the recommended solution of the Salesforce Optimizer: set more restrictive external access levels on the sharing settings setup page. It means setting up sharing rules to grant access to users outside the organization.
So Application House selected "Roles and Subordinates" as the users to share with as the sharing rule granting access to users belonging to the top-level role and the roles below it. However, our NGO client has a flat organizational structure, so they didn't assign any top-level roles in their Role Hierarchy.
When setting up sharing rules based on role, having a hierarchy is essential to making only one sharing rule per object. If not, there would be a need to set up one sharing rule per role for each object, which is impractical and time-consuming. So Application House advised them to add a top-level role in the hierarchy, which they first declined because they wanted to keep their flat organizational structure. After clarifying that the role hierarchy doesn't need to reflect their organizational structure, Application House set up the sharing rules for Roles and Subordinates for each object, granting access to all roles below the CEO.
After running the Salesforce Optimizer once more, no warning or error prompt appeared. It means that our client is appropriately sharing its data with the appropriate users from their community without the risk of exposing it to outsiders.
On the surface, the solution to the problem seemed easy: just set the Default External Access of the objects to Private. But by looking further, Application House understood the real problem, and we were able to provide the best solution: a solution that lasts. That is what Application House is about giving the clients what they need in the proper ways, not using shortcuts. The goal is to get a client's Salesforce ready to help them succeed.
Application House gets to the core of an issue. By doing so, we can provide the most appropriate solutions that give you the results that underpin your success. Yet you, as nonprofits, continue to do good and serve people. Our part in helping make the world better is by offering our pro bono program, which will give you the first month of our service free of charge.
At Application House, our customer's success defines our success. We make sure that all engagements are carried out with end-to-end support from our consultants.
