I've had a few clients that needed the ability to track multiple address blocks on the lead and have them convert into the two account address blocks.  It seems like a fairly common requirement and Salesforce is a bit limited here.  It's easy to map and convert custom field to custom field but there is no facility to map into the Account address fields.

The first time this happend, I asked Tom to write a trigger to facilitiate this.  It worked perfect.  The second time though, I wanted to try and push the envelope and here's what I came up with.  As a refresher, this article describes how standard fields are mapped during lead conversion.  (Basically the one Address block on Lead maps to the Billing Address on Account and the Mailing Address on Contact)

Disclaimer - this fix requires Enterprise edition since it utilizes workflow.  (Sorry my PE,GE friends...)

My requirement was that I needed both address blocks on the lead to map into the Account address blocks.  So here's the workaround:

1. Create another set of address fields on the Lead object.  I created Street, City, State, Zip to keep things simple.
2. Create another set of address fields on the Account object.  I called these "Temp Street, Temp City, Temp State, Temp Zip", since they are a holding location only.
3. Map the 2nd Lead Address Block to the Shipping Account Address block.
4. Create a workflow rule that runs upon create.  Create 4 field actions in the workflow rule to populate the Shipping Street, Shipping City, Shipping State, Shipping Zip block.

And that's it!  When the Lead is created, two address blocks are filled out.  The custom 2nd address maps to a secret 3rd address block on Account, and then a workflow rule moves things back to the standard address block on the Account.

What do you think?  Do you have any other snazzy tricks using the great features of the Salesforce platform?  Post a comment here!

-Garry

Follow me on Twitter here:  http://twitter.com/DarthGarry

I've been there dozens of times.  Customers asking me about Salesforce security.  They say "I just don't understand those roles and profiles and groups.  What do I need to do to use Salesforce?"

I've finally been able to distill the issue down to two simple questions.  If you can answer these questions, then you have just determined the direction you need to go with Salesforce security.  

Question #1 - Do I want every user in my company to be a Salesforce.com administrator?

If you answered "No", then you just stated that you need to implement profile level security.  Profiles define a user's experience.  Particularly, they enable an administrator to restrict users from accessing different parts of the system.  You can restrict object access, field access, administrative and user level permissions.  For you Windows NT guys, remember the Group Policy Editor?  It's the Salesforce equivalent.

There are many facets to profile level security.  I generally find it is easiest to identify the users that will be using Salesforce first, and then back into the specifications for each type of user.  Typical profiles include "System Administrators, Power Users, Standard Users".  Once profiles are identified, I review the needs of each group such as:

• Login restrictions on time and place
• Application and Tab accessibility
• Object and field accessibility
• User level abilities (run reports, export data, send emails)
• Administrator level abilities (manage reports, modify other user profiles, import data)

Question Number 2:  "For a particular object, should all users be able to see and modify all of the records?"

If you answered "No" to this question, you indicate that you need to implement Role based security.  Role based security can also be thought of as "Row Based" security.  If you imagine a data table, roles allow you to restrict the roles of the table the user has access to.  A row could be a particular customer account they should not be able to see.

Implementing role based security is often more mystical than profiles as there are may layers that impact a users visibility to a record.  These layers include the "Organizational Wide Default" on the object, their position in the role heirarchy, Sharing Rules, and Manual Sharing.  The short version of how to understand role based security needs is the following: 

• Determine which objects need to have data restricted and enable organizational wide default restrictions (i.e. should all Accounts be public read/write, or Private to their owners)
• Determine the heirarchy of users that should automatically share data.  (i.e. should a sales manager see data of their subordinates?  If so you need to define a role heirarchy)
• What are the exceptions to the role heirarchy?  Determine exceptions and craft sharing rules to open things up.
• Train staff on manual sharing usage so they can share records that fall outside the sharing rules if needed.

I hope this short, 2 cent tour of Salesforce security shines some light on the complexity.  To recap, remember there are two separate security models in the application.  Profiles determine a user's experience in Salesforce.  What applications, objects, and fields can they see.  Roles determine what records a user has access to (Their own records, their team's records, or all records).

Do you have any other critical questions you think all administrators should ask?  Post a comment!  Thanks for reading - Garry

Sometimes I go into a Salesforce org and things are configured in such a way that they work but are much more complex than they need to be.  Here is one example.  It is a workflow criteria, that the former admin did not know some of Salesforce's shortcuts.  The old version looked like this:

The fixed version looks like this:

One simple change, greatly reduces the complexity of the workflow rule.  No need to manage 40 lines of criteria and OR operators.  Each comma in one criteria line is an implied "or", saving a lot of time when setting up one critiera with several possible true values.

Hope you can put this in your toolbelt for future use!

Garry