πŸ“ˆ Advanced universal

πŸ” Enterprise-Grade Security

Configure profiles, permission sets, roles, and sharing rules to control who can access what data and functions across your Kaptio implementation.

πŸ“
6
Steps
✨
4
Features
⏱️
2-4 weeks
Duration

πŸ”— Prerequisites

Establish Platform Foundation
✨

Features

What you get with this outcome

The Right Access for Every User

Security is foundational. Kaptio leverages Salesforce's robust security model to ensure users see only what they need and do only what they're authorized to do. From Intrepid's global DMC security with regional data isolation to Rocky Mountaineer's role-based cost visibility controls, the security framework adapts to complex organizational requirements while maintaining data integrity.

πŸ‘€

Visual coming soon

security-model-diagram

Profile Configuration

Profiles define base-level access: which objects users can see, which fields are visible, and which apps appear. Kaptio provides standard profiles (Sales, Operations, Finance) that you customize for your organization's structure.

  • βœ“Object-level access control
  • βœ“Field-level security
  • βœ“App and tab visibility
  • βœ“Login restrictions
🎫

Visual coming soon

Permission Sets

Permission Sets

Layer additional permissions on top of profiles without changing the base profile. Grant cost visibility to team leads, supplier invoice access to accounts payable, or API access to integration users. Users can have multiple permission sets.

  • βœ“Additive permissions model
  • βœ“Role-specific capabilities
  • βœ“Flexible assignment
  • βœ“Permission Set Groups
🏒

Visual coming soon

Role Hierarchy

Role Hierarchy

Roles control record visibility vertically. Managers see their team's records. Regional directors see their region. The hierarchy ensures data rolls up appropriately for reporting while restricting lateral visibility.

  • βœ“Hierarchical data visibility
  • βœ“Management oversight
  • βœ“Regional data isolation
  • βœ“Reporting roll-up
🀝

Visual coming soon

Sharing Rules

Sharing Rules

Grant access beyond the role hierarchy based on criteria or ownership. Sales teams share within their channel, operations share across regions for departures, finance shares for reconciliation. Organization-Wide Defaults set the baseline.

  • βœ“Criteria-based sharing
  • βœ“Team collaboration
  • βœ“Cross-functional access
  • βœ“OWD baseline control
πŸ—ΊοΈ

User Journey

Step-by-step flow from start to finish

πŸ—ΊοΈUser Journey Flow

Follow the steps from start to finish

ACTORS:
πŸ‘€
System Admin
πŸ‘€
IT Director
πŸ“‹

Implementation Plan

How to implement this outcome

πŸ“… Project Overview

2-4 weeks high complexity
1

Design

Week 1
  • β€’ Document security requirements
  • β€’ Create access matrix
2

Configuration

Week 2-3
  • β€’ Configure profiles
  • β€’ Create permission sets
  • β€’ Set up role hierarchy
πŸ“š

Resources

Configs, tools, and documentation to help you

βš™οΈ Golden Configs

Standard Profile Configuration

Base profiles for Sales, Operations, Finance users

Permission Set Matrix

Permission sets mapped to functional roles

Role Hierarchy Configuration

Organizational hierarchy for data visibility

Security Model Components

Permissions (What Users Can Do)

ComponentControlsScope
ProfilesBase access to objects, fields, appsPer user (one profile)
Permission SetsAdditional capabilitiesPer user (many sets)
Permission Set GroupsBundled permission setsPer user (many groups)

Record Visibility (What Users Can See)

ComponentControlsScope
OWDDefault access levelOrganization-wide
RolesHierarchical visibilityPer user role
Sharing RulesException-based accessCriteria or ownership

Intrepid Security Example

Global business with DMC-specific data isolation:

User GroupAccess
DMC FinanceOwn DMC records only
Global SalesAll sales offices
Accounts PayableSupplier invoices for assigned DMC
Revenue ManagerCross-DMC reporting
---------------------
Vacation ConsultantNo
Team LeadYes
FinanceYes
Product OperationsYes
  • Use Permission Sets for role-specific capabilities
  • Document all customizations for future reference
  • Test with real user scenarios in sandbox
  • Review permissions after each Kaptio release
⚠️

Common Pitfalls

Avoid these implementation mistakes

!

Don't grant admin profiles broadlyβ€”least-privilege principle protects data

!

Test permission changes in sandboxβ€”security misconfigs cause data exposure

!

Document your security modelβ€”complex rules need clear documentation

!

Review access regularlyβ€”role changes need permission updates

!

Plan for Kaptio releasesβ€”managed package updates may change permission sets

!

Consider sharing rule performanceβ€”complex rules slow large data volumes