By #cloudgaier Octavio Guillermo Kuhl
I found this issue configuring this feature in a developer edition and with the guidelines provided by Salesforce everything was working smoothly until we replicated in Sandbox and production where an “Insufficient Privileges” popup appeared when the “delegate” tried to “Log in as” a different user which is the primary requirement for troubleshooting user errors.
Googling the solution the “Modify All” permission came up… it didn’t sound right to me, so I started trying out different ideas. I share with you the findings I got in case someone else finds them useful.
When you add people to the delegate group you can see “duties” you can ADD for this group. Among them you will find this two:
- User Administration: “Specify the roles and subordinates for which delegated administrators of this group can create and edit users.”
- Assignable Profiles: “Specify the profiles that delegated administrators of this group can assign to the users they create and update.”
I tried using both to be able to “Log In As” and fortunately one worked, even though it is supposed to do something different.
User Administration allows me to assign X role BUT also I could “Log In As” any user with X role and subordinates.
Up to now, to be able to LOG IN AS you should.
- Create the group, checked the Enable Group for Login Access
- Add People with a profile that has “view setup and configuration” (Standard User has)
- User Administration: add the role from which the group is going to be able to access from and below, but not top of it.
With his setup the delegated will be able also to edit users of his own rank and below BUT not above, if you need to perform things to all users, example: reset passwords, only grant this possibility and do not check “Manage Users” is like a Modify ALL for Users.
Only add what is really needed.
Hope this helps!! #sharingknowledge #cloudgaiavibe
