Salesforce is Point & Click

550-5.7.26 Unauthenticated email from [DOMAIN] is not accepted due to the domain's DMARC policy The message is unambiguous, you have an issue with the DMARC policy.   You can find the message in the email log, in those lines with a "P" in the Mail Event column. But ... can we trust the error message? Well ... let's see. DMARC/DKIM/SPF & NSLOOKUP Domain-based Message Authentication, Reporting, and Conformance (DMARC)  is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing ... DMARC extends two existing email authentication mechanisms, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) . It allows the administrative owner of a domain to publish a policy in their DNS records to specify how to check the From: field presented to end users; how the receiver should deal with failures – and provides a reporting mechanism for ac...

A permission set group streamlines permissions assignment and management. Use a permission set group to bundle permission sets together based on user job functions. Users assigned the permission set group receive the combined permissions of all the permission sets in the group. Reference: Salesforce   In these two articles: Salesforce Profiles and  Salesforce Permission Sets  we found that the Minimum Access - Salesforce profile approach proposed as a general solution and in particular for the Data Security Trailhead module can lead us to have so many permission sets that it can be a challenge to manage them. It is normal to reach the same conclusion as this Trailhead module Get Started with Permission Set Groups  when they say: " ... given how quickly permission sets can multiply, you may have wondered how to simplify permission set management .. .". And yes, you are correct 😀, the solution is the Permission Set Groups. And the main reasons to use Permission S...

A permission set is a collection of settings and permissions that give users access to various tools and functions. Permission sets extend users’ functional access without changing their profiles. Reference: Salesforce   We need to remember what a Salesforce Profile is and always keep in mind this: extends users' functional access without changing their profiles . That is key: I need these types of users to do something else, then I might create a new Permission Set for that function (like for instance, including a permission set to force Multi-Factor Authentication or to "make" a user a Knowledge Base Reader). ... then use permission sets to grant more permissions as needed ... In the  Salesforce Profile  article, I proposed a solution based on the Minimum Access - Salesforce profile for the Hiring Application introduced in the Data Security Trailhead Module. These were the Permission Sets proposed: Position - CREx Position - xRxx (No min/max pay) ...

Profiles define how users access objects and data, and what they can do within the application. When you create users, you assign a profile to each one. Reference: Salesforce   And my recommendation is that, before you start and create a Profile for each Role in the Role Hierarchy , you should read carefully what a Permission Set is, how it defines too how users access objects,  and get a good understanding of what is the difference between a Profile and a Permission Set . Check the table at the end of this post The Fall of the Profile Empire  to see what you can do only with profiles. The Profile Minimum Access - Salesforce  proposed approach I will use the example Hiring Application proposed in the Data Security Trailhead Module to develop the approach. Regarding data security, the module deals with permissions at 4 levels: Org, Object, Field, and Record. But I will work with only two levels: Object and Field. The required permissions are: ...

Flow Element: Pause for a Screen Flow We cannot use the Pause element in a Screen Flow , and there are use cases where we might need the user to wait some seconds before he/she can continue working with the Flow. Even if you can use a Pause element (for instance, calling an auto-launched sub-flow that Pauses the execution), once the Pause element is executed, the main Screen Flow receives a message like " The flow interview is now waiting. It will resume in the background later ", and later means in the next 10-15 minutes. In other words, the user may have to wait 10-15 minutes to continue working with our Screen Flow! Not a nice user experience, don't you agree? Let's say we have a situation where we need to execute a background process (like an Apex batch job or a call to an external application that should do something a return) and in the next step, we need the output of the background process. The problem here is that it should be a smooth, only screens user exp...

Salesforce is on the path to removing or reducing the need for Profiles. They are almost there ... Since 1999 the Profile has been the king when settings and permissions are needed. In 2011, the Permission Set was introduced with strong recommendations as a good practice and in the hope that it would help reduce the huge number of profiles per org. In 2019, Permission Set Groups were introduced, not only to group Permission Sets but to relate to functional roles (what was a proposed idea with Permission Sets, is now a point & click configuration). In 2020, the Minimum Access - Salesforce profile was introduced ( Summer'20 ), and in less ...

I did my best to solve an interesting challenge (solve? nope, probably it is just a workaround 😏).  Challenge : Why in the Case's Attachment list I cannot select and delete? As you know, there are too many emails, and in each email there is a picture used as the email signature, and that picture is shown as a case's attachment mixep up with the "real" attachments!!!!!! The installation details are at the end. For those of you that don't know about this issue, please check these Ideas:  Allow Created Date in "Notes & Attachments" related list  (8 years ago, and by the time I wrote this, 11 days ago, someone wrote again asking for it). This is more related to the fact that in the ListView we cannot differentiate two files with the same name unless we open them. Hence the Created Date field can help.  Email Signature Images as attachments  (5 years ago, and by the time I wrote this, 3 days ago, someone wrote again asking for it). If you enabled Email-2...