Data
Reader small image

You're reading from  Creating Actionable Insights Using CRM Analytics

Product typeBook
Published inDec 2021
Reading LevelBeginner
PublisherPackt
ISBN-139781801074391
Edition1st Edition
Languages
Python
Tools
Tableau
Concepts
Business Intelligence
Right arrow
Author (1)
Mark Tossell
Mark Tossell
author image
Mark Tossell

Mark Tossell is passionate about solving problems and improving processes using data. Tableau CRM (Einstein Analytics) and Tableau, powered by AI, are the tools of his trade. He is a proud wearer of the Salesforce Gold Hoodie and recipient of the inaugural APAC Awesome Admin award. He is also a Trailhead learning addict, having earned over 420 badges. In addition, he is honored to be a Tableau CRM Ambassador and a Salesforce Partner Solution Engineer. Mark lives in Sydney, Australia, with his wife, Christina, and son, Adam.
Read more about Mark Tossell

Right arrow

Chapter 7: Security in CRM Analytics

How do you decide who sees what in CRM Analytics? This is one of the least understood aspects of CRMA development, so in this chapter, you will learn how to secure your CRMA data. We will begin by providing an overview of CRMA security. We will then walk through each of the tools that CRMA makes available to determine who sees what data.

By the end of this chapter, you will understand the basics of CRMA security. Moving on, you will be able to deploy and manage CRMA access permissions. You will understand CRMA app-level security and be able to deploy and edit this as required. Furthermore, you will be competent in assessing and deploying Salesforce sharing inheritance. Finally, you will be confident in building and deploying security predicates.

In this chapter, we're going to cover the following main topics:

  • What is CRMA security and how does it work?
  • Managing CRMA access permissions
  • Configuring CRMA app-level security...

Technical requirements

You will need the following to successfully execute the instructions in this chapter:

  • The latest version of the Google Chrome browser (Chrome is the preferred browser when working with CRMA)
  • A working email address

Ensure that you're logged into your CRMA development organization.

Let's jump right in and gain a high-level understanding of CRMA security.

What is CRMA security and how does it work?

Controlling access to information that is surfaced in CRM Analytics is critical in the broader context of data governance and security.

Important Note

Once a field is visible in CRMA, there is no way that you can prevent someone from seeing its data. Anyone who has access to the dataset has access to all fields, as opposed to Salesforce, where you have field-level security.

The CRMA administrator has four security tools at his or her disposal:

  • Salesforce Data Access: The administrator can configure permissions on Salesforce fields and objects to implement field-level and object-level security, which means that access to Salesforce data can be controlled. For example, access to sensitive, personal information can be restricted at the ingestion level to prevent this data from being loaded into CRMA.
  • CRMA App-Level Security: When you assign manager access to users, app owners, and administrators, they will be able to...

Managing CRMA access permissions

To ingest data and use it as a part of row-level security, you must have access to Salesforce data. Based on the permissions of the two systems of CRMA/Salesforce users, CRM Analytics gains access to Salesforce data. These two systems of CRMA/Salesforce users are as follows:

  • Integration User
  • Security User

Here is Integration User, as viewed in Setup in Salesforce:

Figure 7.2 – Integration User. Note the user profile; that is, Analytics Cloud Integration User

CRMA uses the permissions of Integration User when a data preparation job runs so that it can ingest data from Salesforce objects and fields. Access to any fields and objects that contain sensitive data should be restricted because the View All Data access is with Integration User.

The job will fail if the dataflow tries to read data from a field or an object where view permission is not given to Integration User.

Based on the User object...

Configuring CRMA app-level security

As you might remember from what we learned in Chapter 2, Developing Your First OOTB Analytics App in CRMA, a CRM Analytics app is similar to a folder, enabling users to organize their data projects and control the access of datasets, lenses, and dashboards, as well as how they're shared. This functionality of CRMA apps makes them a useful security tool to restrict or grant access to assets as required.

By default, all CRMA users begin with Viewer access to Shared App. An administrator may modify this setting to open or restrict access. An out-of-the-box app, My Private App, can be accessed by every user, which is suitable for personal works in progress. The contents of a user's My Private App are not visible to administrators, but lenses and dashboards can be shared with users.

Also, by default, all new apps are set to private. Manager access is with the administrators and app owner; therefore, they can extend VIEWER, EDITOR, or...

Deploying Salesforce sharing inheritance

If you want the sharing setup for your datasets to replicate the ones that are applied for your objects by Salesforce, then you can do this by deploying sharing inheritance.

Sharing inheritance reduces or eliminates the need for complex security predicates in many cases. On the flip side, applying sharing inheritance results in an increase in the time required to process data and create/update datasets – completing data syncs, recipe jobs, and more. Keep in mind that the more complicated the sharing settings are, the more impact there is on data processing time. Keep in mind that the time taken for data processing will have a higher impact if the sharing settings are more complicated.

The Salesforce admin most likely uses a combination of sharing settings to provide users with access to Salesforce data about their roles, including sharing based on the following:

  • Manual sharing rules
  • Role hierarchy
  • Role
    • ...

Understanding the concept and usage of security predicates

Data visibility in CRMA can be controlled using security predicates. As we mentioned earlier, row-level security for a dataset that is defined by a filter condition is called a predicate. Predicates can control data visibility based on these scenarios:

  • Role Hierarchy: In the Salesforce org, predicates can filter the data based on the user's role, but only if they are logged in. A user can only view the records that are owned by them or by the people below them in the role hierarchy in Salesforce.
  • Manager Hierarchy: In the User object, predicates can filter the data based on the Manager field in the User object. Therefore, the logged-in user may view the records that are owned by them, and by any user that reports under them in the manager hierarchy.
  • Logged-in User's Country: The data can also be filtered based on the logged-in user's country, by the predicates. A user from one country can access...

Summary

The following diagram provides a useful summary of how security works in CRM Analytics:

Figure 7.8 – CRMA security review

As you have seen, you have a variety of options for implementing security in CRM Analytics. In this chapter, you learned about these security tools and how to deploy them.

What have you learned? First, you grasped the basics of security in CRMA. Next, you learned how to govern CRMA access permissions. Third, you learned how to use app-level security to control access to CRMA analytics app assets. Next, you became competent in configuring and enabling Salesforce sharing inheritance. Lastly, you learned how to build and deploy security predicates for more complex, detailed data governance use cases.

In the next chapter, you will learn to build your very first CRMA dashboard.

Questions

Here are some questions to test your knowledge of this chapter:

  • What is the purpose of app-level security in CRMA?
  • How can you control CRMA security from Salesforce objects and field access?
  • When a dataflow job runs, CRMA uses the permissions of ____________ user to extract data from Salesforce objects and fields.
  • What are three limitations of Salesforce sharing inheritance?
  • What are three use case scenarios for security predicates?
  • A security predicate expression must not exceed how many characters?
  • Is this is a valid predicate expression? Why, or why not?

"Revenue">100

  • A security predicate expression is case-sensitive – true or false?
lock icon
The rest of the chapter is locked
Previous Chapter
Chapter 10 of 19
Next Chapter
You have been reading a chapter from
Creating Actionable Insights Using CRM Analytics
Published in: Dec 2021Publisher: PacktISBN-13: 9781801074391
© 2021 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Author (1)

author image
Mark Tossell

Mark Tossell is passionate about solving problems and improving processes using data. Tableau CRM (Einstein Analytics) and Tableau, powered by AI, are the tools of his trade. He is a proud wearer of the Salesforce Gold Hoodie and recipient of the inaugural APAC Awesome Admin award. He is also a Trailhead learning addict, having earned over 420 badges. In addition, he is honored to be a Tableau CRM Ambassador and a Salesforce Partner Solution Engineer. Mark lives in Sydney, Australia, with his wife, Christina, and son, Adam.
Read more about Mark Tossell

Personalised recommendations for you

Based on your interests and search pattern

Et al.

Et al.

Ever wonder why speech recognition systems don't understand the Scottish accent, or what would happen if an astronaut only ate mac 'n' cheese, or other spurious reflections you'd have at a bar? We did, then collated those deliberations into absurd research articles with fake figures and methodologies inspired by even more fictionally absurd studies.

BookAug 2023230 pages5
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages4
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages1
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5
Mastering Tableau 2023

Mastering Tableau 2023

This book is a comprehensive resource to mastering your Tableau skills and becoming a BI expert. As you progress, you will learn how to build advanced dashboards and improve your storytelling to derive key business insight, as well as make you well-versed with advanced functionalities of Tableau in the business intelligence domain.

BookAug 2023684 pages
Building AI Applications with ChatGPT APIs

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages5
Building AI Applications with ChatGPT APIs

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages2
Data Engineering with AWS

Data Engineering with AWS

Embark on a journey to master data engineering pipelines on AWS! Our book offers a hands-on experience of AWS services for ingesting, transforming, and consuming data. Whether you're an absolute beginner or someone with basic data engineering experience, this guide is an indispensable resource.

BookOct 2023636 pages5
Modern Data Architecture on AWS

Modern Data Architecture on AWS

Every organization wants an agile, performant, and cost-effective data platform that meets all their current and future business needs. Purpose-built AWS analytics services and their features play a big part in building such a modern data platform. This book brings to you all the design and architectural patterns that’ll help you achieve this goal.

BookAug 2023420 pages5
Practical Guide to Applied Conformal Prediction in Python

Practical Guide to Applied Conformal Prediction in Python

Discover the power of Conformal Prediction with the "Practical Guide to Applied Conformal Prediction in Python." Master the latest techniques to quantify uncertainty in machine learning and computer vision models, and seamlessly apply them to your industry applications.

BookDec 2023240 pages
TinyML Cookbook

TinyML Cookbook

With over 70 project-based recipes, the TinyML Cookbook is a practical guide that will help you to get the most out of your microcontrollers. It provides a comprehensive understanding of the theoretical foundations while giving you hands-on experience training ML models for deployment on Arduino Nano 33 BLE Sense, Raspberry Pi Pico, and SparkFun RedBoard Artemis Nano microcontrollers.

BookNov 2023664 pages