FieldKo leverages Salesforce Permission Sets to control access to its features and objects. By using permission sets, you can easily grant FieldKo access to users with various profiles without modifying their base profiles. This article will outline the key FieldKo permission sets and how to assign them to users.
Understanding Permission Sets in Salesforce
In Salesforce, a profile provides base-level access, and permission sets are used to grant additional permissions beyond the profile. Users can have only one profile but multiple permission sets. FieldKo delivers pre-built permission sets to simplify the setup process, ensuring you can quickly provide the necessary permissions to your field users and admins.
FieldKo vs Profiles: Rather than creating numerous custom profiles for different FieldKo roles, you can keep users on standard profiles (e.g. Standard User or a minimal custom profile) and layer FieldKo permission sets on top. This approach is more flexible and scalable as your team grows.
Scope of Permission Sets: A permission set can include Object permissions (CRUD), Field-Level Security, App and Tab visibility, and system permissions. FieldKo’s permission sets are configured to include access to FieldKo’s custom objects (such as Visits, Surveys, Tasks, etc.), Apex classes, Visualforce pages (if any), and any custom settings it uses.
Example: You might have a profile “Field Rep” that has very basic Salesforce access. Assigning the FieldKo User permission set to that user will grant them access to FieldKo’s app, objects, and features without affecting other users on the same profile.
FieldKo Permission Sets Overview
After installing FieldKo, navigate to Setup > Permission Sets to review the permission sets included in the package. You will likely find permission sets named in a way that identifies them as part of FieldKo (for example, they may start with “FieldKo”). Common FieldKo permission sets include:
FieldKo User – Grants access to core FieldKo functionality for end users (field personnel). This typically includes:
Access to the FieldKo app and tabs (Visits, Tasks, Surveys, Accounts, etc.).
Create, read, edit permissions on FieldKo custom objects like Visit, Task, Survey, and related records so that users can perform their field activities.
Permission to use the FieldKo mobile application (which may involve API access – see note below).
Usually excludes administrative capabilities. It’s a “least privilege” set for general users.
FieldKo Admin – Grants full access to all FieldKo objects and settings for administrators or super users. This includes:
Modify All/Data access on FieldKo objects so the admin can see and edit all field records (regardless of owner) for support or data correction purposes.
Access to configure FieldKo settings (such as attendance tracking parameters, geofence settings, etc., discussed in the next article).
Ability to create and assign surveys, tasks, visits for the team. Essentially, this set allows management of FieldKo’s configuration and content.
FieldKo Manager (if provided) – In some managed packages, a “manager” or similar permission set is included to allow a user (like a team leader) to have read access to records owned by their subordinates and maybe additional reporting capabilities. If FieldKo includes a manager role, assign this to users who need to oversee others but are not full admins. This could grant read access to all Visits in their area, ability to approve records, or run special reports.
These permission sets are designed so you can mix and match. For instance, an external partner user on the portal might get “FieldKo User” plus a special “External Portal Access” permission set from Salesforce that limits what they can do. An internal field manager might get both “FieldKo User” and “FieldKo Manager” sets.
Security Tip: The FieldKo permission sets are built to grant only the necessary access. Avoid editing these sets directly; if you need a small change (e.g., adding access to a custom field), consider layering another permission set or cloning the provided one. This way, you preserve the out-of-the-box security model FieldKo provided.
Assigning Permission Sets to Users
Once you’ve identified which permission set(s) each type of user needs, assign them via the user’s detail page or the Permission Set management page:
Via User Detail: Go to Setup > Users, click on the user’s name. On the user detail page, find the Permission Set Assignments related list and click Edit Assignments. Move the desired permission set from the “Available Permission Sets” column to “Enabled Permission Sets” and save. The user now has those permissions.
Via Permission Set: Alternatively, navigate to Setup > Permission Sets, click on the specific FieldKo permission set (e.g., "FieldKo User"), and use the Manage Assignments button. Then click Add Assignments, select the users to assign, and confirm. This is useful to assign the set to many users at once.
Permission Set Groups: If you have multiple permission sets that are always given together (for example, a “FieldKo User” and another set for additional analytics access), Salesforce allows grouping them into a Permission Set Group. You could create a group like “FieldKo Field Rep Access” containing all relevant sets and assign that group to users, simplifying administration.
Remember that permission sets take effect immediately. There is no need for the user to log out or for an overnight process – once assigned, the user can access the new capabilities right away.
Special Permissions and Settings
FieldKo’s functionality might require certain system permissions which are handled via permission sets:
API Access: FieldKo mobile app likely communicates with Salesforce via the API. Ensure that the profiles or permission sets for FieldKo users have the API Enabled permission. (If you use the FieldKo provided permission sets, this should be included by default. On standard profiles like Standard User, API access is usually enabled by default as well.) Without API access, users might not be able to sync data from the mobile app.
Location Services: FieldKo uses GPS location tracking. There isn’t a Salesforce permission for GPS per se, but users will need to allow location services on their mobile device. As an admin, just be aware to advise users to grant the FieldKo mobile app location access so features like check-in geolocation work.
Camera/Photo Access: FieldKo supports photo capture. Again, on the Salesforce side there’s no special permission – but on device, users should allow camera access. In Salesforce, images might be stored as attachments or in a custom object; ensure the user’s permission set includes create access for whatever object stores photos (if not already included in FieldKo User set).
Reports/Dashboards Access: If you expect field managers or others to use Salesforce reports or dashboards on FieldKo data, make sure their profile or permission set allows them to use the Reports and Dashboards features (standard for most users). FieldKo data is Salesforce data, so you can create reports on Visits, Tasks, etc. Managers might need the “Report Builder” permission if they will create custom reports.
Note: FieldKo being native means it uses standard Salesforce security layers. The permission sets handle object and field access, while record-level access is handled by sharing settings (next article). Always consider both layers: a user needs the permission set to access an object and they need to be the owner or have sharing access to see specific records. For example, granting “View All” on Visit via a permission set would let a user see all Visit records, overriding sharing. Use such powerful permissions cautiously, typically only in the FieldKo Admin set.
Reviewing and Testing Access
After assigning permission sets, it’s a good practice to test with a user account:
Log in as a typical field user (Salesforce has a Login As feature for admins if granted, or use the user’s credentials with permission). Confirm that in the App Launcher they can see the FieldKo app and inside it, they can access the intended tabs (Visits, etc.) without encountering “Insufficient Privileges” errors.
Ensure they cannot access anything they shouldn’t. For example, a field rep should not be able to delete records unless that’s intended. Try to edit a Visit record owned by another user with a field rep account – it should be forbidden if sharing is set to private and no “View All” was given.
For a manager account, verify that they can see their team’s records. This might involve creating some test visits assigned to a subordinate user and checking the manager’s view.
If something is amiss, adjust either the permission sets (for object/field access) or check sharing settings. Common mistakes include forgetting to assign the permission set, or assigning the wrong one (e.g., giving a user only FieldKo User when they also needed FieldKo Manager).
Permission sets are a powerful way to manage FieldKo access in a scalable manner. By using the provided FieldKo permission sets and tailoring assignments to each user’s role, you maintain security and avoid the pitfalls of overly permissive profiles. With users and permission sets in place, we can move on to configuring FieldKo’s settings to suit your organisation’s needs.