Applying permission

Now you've understood that the ability to run a report, create a report, export a report, create a dashboard, and so on is controlled by permissions--only users granted with these permissions are able to perform such activities, as we discussed in the previous sections.

Securing a report or dashboard means to make sure the report or dashboard is accessible only to users that should have access; some users may just need to be able to run a report, but not to modify it. This is controlled in the folder that stores the report or dashboard instead of the report or dashboard itself. Managers of the folder are able to configure and share the folder with other users, and determine their access level.

Earlier in this chapter, we also mentioned that there are many types of permissions related to report and dashboard folders. With additional permission, a user will be able to access all reports (except private reports and private dashboards), even if the user is not added to the group accessibility. As admin, you should make sure just to grant permissions to users that need it.

Here is the difference assigning permissions through Profile and Permission Set:

• Profile: All users within the profile will get the permission enabled for the profile. This is a good option when you need to grant a permission to all users in the same profile, such as permission to run a report.
• Permission Set: The admin can create a permission set with one permission only, or with multiple permissions. This is a more flexible option when you need to grant certain permissions to users across profiles, such as permission to create report folders--you may not want everyone to be able to create folders, which could make your report folders messy if not controlled.