User permissions and access settings are specified in profiles, permission sets and roles. To use them effectively, this article explains the key differences:
Profiles define how users access objects and data, and what they can do within the application. When you create users, you assign a profile to each of them. Your org includes several standard Kaptio Travel profiles where you can edit a limited number of settings.
These profiles are:
- System Administrator: full access to the application and all of its data
- Kaptio Finance: provides the base access for finance users
- Kaptio Standard: provides the base access for sales and operations users
There will be other profiles visible in your environment which can be used for other Salesforce applications that are not applicable to Kaptio Travel. System administrators can also create custom profiles, however we recommend always using the standard Kaptio Travel profiles provided to simplify maintenance of the profile settings. For more information on profiles, please refer to the Salesforce Security Guide.
NOTE: When Kaptio issues a new release of Kaptio Travel, profiles are not updated automatically. That is why profiles are only used for base access settings and the detail is controlled in the permission sets, as these do get updated automatically with each release.
A permission set is a collection of settings and permissions that give users access to various tools and functions. The settings and permissions in permission sets are also found in profiles, but permission sets extend users’ functional access without changing their profiles. Users can have only one profile but they can have multiple permission sets. You can assign permission sets to various types of users, regardless of their profiles.
Your org includes several standard Kaptio Travel permission sets which cannot be changed. These profiles are:
- Kaptio Travel Full Access: provides full Kaptio Travel access to assigned users
- Kaptio Travel Sales Access: provides access only to sales related functionality in Kaptio Travel.
- Kaptio Travel Finance Access: provides access only to finance related functionality in Kaptio Travel
- Kaptio Travel Pricing Access: provides access only to pricing related functionality in Kaptio Travel
- Kaptio Travel Content Access: provides access only to content related functionality in Kaptio Travel
For more information about the specific detail of each permission set please contact your Kaptio Travel project manager.
There will be other permission sets visible in your environment that can be used for other Salesforce applications that are not applicable to Kaptio Travel. System administrators can also create custom permissions but we recommend using the standard Kaptio Travel permissions sets as much as possible to simplify maintenance. For more information on permission sets, please refer to the Salesforce Security Guide.
Roles & Organization-Wide Defaults
Roles and role hierarchies can be used with sharing settings to determine the levels of access that users have to your Kaptio Travel data. Roles within the hierarchy affect access on key components such as records and reports. When you create users, you assign a role to each of them.
Users at any role level can view, edit and report on all data that is owned by or shared with users below them in the role hierarchy, unless your Kaptio Travel’s sharing model for an object specifies otherwise. Specifically, in the organization wide defaults related list, you can disable the Grant Access Using Hierarchies option for an object. When disabled, only the record owner and users who are granted access by the organization-wide defaults receive access to the object’s records.
Kaptio Travel does not include any standard roles as part of its application and it is recommended to involve a Salesforce administrator with a good understanding of roles and role hierarchies before implementing this feature. For more information on roles, please refer to the Salesforce Security Guide.