Delegated administration
Delegated administration involves making non-admin users administrators with limited capabilities. Delegated administration will be supported where the users have a role assigned; this means it will support Salesforce Standard and Chatter Only profiles. It will not support Chatter Free and Chatter External profiles as they don't have roles.
The primary functions of a delegated administrator include:
- Creating and editing users and resetting passwords for users in specified roles and all subordinate roles. This also includes setting quotas, creating default opportunity teams, and creating personal groups for those users.
- Unlocking users.
- Assigning users to specified profiles.
- Logging in as a user who has granted login access to the administrator.
- Managing custom objects created by an administrator.
The process starts by navigating to Setup | Security Controls | Delegated Administration. The steps are as follows:
- Create a group and give it a name that is applicable to your business need. If the Enable Group for Login Access option is checked, it means that if a user grants login access, the delegated admin can log in on behalf of that user.
- Assign users who will act as delegated administrators.
- Specify the roles and subordinates for which the delegated administrators of this group can create and edit users.
- Specify the profiles that the delegated administrators of this group can assign to the users they create and update. The delegated administrators cannot modify the profile. They can only assign users to these profiles.
- Specify the custom objects that the delegated administrators of this group can administer. The delegated administrators can manage every aspect of the custom object, except for setting the custom objects' permissions on profiles. All the options are shown in the following screenshot:
