
How to set up internal security (Salesforce users)

Use the suggestions below in conjunction with security best practices. For details on security best practices, visit trust.salesforce.com, click the Security tab, then follow the Best Practices link.

 

1. Read the Salesforce Security Implementation Guide

2. Select which users should have access to Payments2Us

Only users that need access to Payments2Us should be given access.

3. Select which users will have access to the Merchant Facilities tab

Only a few select and trusted users should have access to the Merchant Facilities tab.

4. Set up profile object security as a minimum per user as shown

Please note that you cannot edit the standard and custom permissions on a standard Salesforce profile; you will need to clone a profile such as Standard User and edit the clone. Note also that these are the minimum permissions required for Payments2Us users.

  • Note that encrypted fields should not be visible for any profile unless absolutely necessary.

5. Assigning permission sets to users

There are two permission sets that are applicable to internal users (Salesforce CRM users). These need to be allocated to the users that will be using Payments2Us.

The Permission Sets to use are:

  1. Payments2Us Admin Users - Assign this to users that need to update Payments2Us Payment Forms or Text, or that need to approve Refunds.
  2. Payments2Us Standard Users - Use this for non-approvers and persons that don't need to change any of the Payments2Us Forms or Text.

To assign permission sets, locate the user, click in to view the user's details, and scroll down to the related "Permissions Set" list. Click the 'Edit Assignments' button and assign.

 

6. Check approvals

Review which users have access to the “Approved” field on the “Payment Txn” object (AAkPay__Payment_Txn__c.AAkPay__Approved__c). For profiles whose users should not be able to approve refunds, make this field read-only for them and set up an Approval Workflow process so they can request a refund.
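One way to carry out the review in step 6, as an added example that is not part of the Payments2Us manual: two SOQL queries against the standard FieldPermissions and PermissionSetAssignment objects, plus a small Python check that flags users who can edit the Approved field but are not on a reviewer-supplied approver list. The sample records, usernames, IDs and the "Custom Standard User" profile name are constructed; only the object and field API names come from this page.

```python
FIELD = "AAkPay__Payment_Txn__c.AAkPay__Approved__c"  # API name from step 6

# Profiles and permission sets granting edit on the field. A profile shows up
# here as a profile-owned permission set (Parent.IsOwnedByProfile = true).
GRANTS_SOQL = (
    "SELECT ParentId, Parent.Label, Parent.IsOwnedByProfile, Parent.Profile.Name "
    "FROM FieldPermissions "
    f"WHERE SobjectType = 'AAkPay__Payment_Txn__c' AND Field = '{FIELD}' "
    "AND PermissionsEdit = true"
)
# Active users holding any of those grants (profile or permission set).
HOLDERS_SOQL = (
    "SELECT Assignee.Username, PermissionSetId FROM PermissionSetAssignment "
    "WHERE Assignee.IsActive = true AND PermissionSetId IN "
    "(SELECT ParentId FROM FieldPermissions WHERE SobjectType = "
    f"'AAkPay__Payment_Txn__c' AND Field = '{FIELD}' AND PermissionsEdit = true)"
)

def unexpected_approvers(grants, holders, approvers):
    """Return {username: [grant names]} for users who can edit Approved but
    are not in `approvers` (lower-case usernames of intended approvers)."""
    names = {}
    for g in grants:
        p = g["Parent"]
        if p["IsOwnedByProfile"]:
            names[g["ParentId"]] = "Profile: " + p["Profile"]["Name"]
        else:
            names[g["ParentId"]] = "Permission set: " + p["Label"]
    found = {}
    for h in holders:
        user = h["Assignee"]["Username"]
        if user.lower() not in approvers and h["PermissionSetId"] in names:
            found.setdefault(user, []).append(names[h["PermissionSetId"]])
    return {u: sorted(v) for u, v in found.items()}

# Constructed records, shaped like the JSON the REST query endpoint returns.
SAMPLE_GRANTS = [
    {"ParentId": "0PS-A", "Parent": {"Label": "Payments2Us Admin Users", "IsOwnedByProfile": False, "Profile": None}},
    {"ParentId": "0PS-B", "Parent": {"Label": "00e-B", "IsOwnedByProfile": True, "Profile": {"Name": "Custom Standard User"}}},
]
SAMPLE_HOLDERS = [
    {"Assignee": {"Username": "finance.lead@example.com"}, "PermissionSetId": "0PS-A"},
    {"Assignee": {"Username": "temp@example.com"}, "PermissionSetId": "0PS-A"},
    {"Assignee": {"Username": "volunteer@example.com"}, "PermissionSetId": "0PS-B"},
]
APPROVERS = {"finance.lead@example.com"}  # assumption: maintained by the reviewer

if __name__ == "__main__":
    print(unexpected_approvers(SAMPLE_GRANTS, SAMPLE_HOLDERS, APPROVERS))
```

Any user the check returns either belongs on the approver list or should have the field made read-only on the profile or permission set named in the result.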