It’s not enough to know how to do something. Delivering real value as a technology leader comes from knowing which action is optimal, why it is optimal, why it is important to act, and when action should be taken. How to execute the action is often the simplest step.

Knowledge is not the same as Understanding

Much like Reading is not the same as Comprehension, it is not enough to be able to read words on a page, you also need to understand their meaning.

When I trained to become a pilot, I remember a key lesson was not just looking at the instrument panel but interpreting what information was displayed and then taking appropriate action.

Consider this when working through Salesforce Trailhead self-learning and passing exams for Salesforce Certificates. If you want to be valuable in the Salesforce ecosystem think beyond the “how” and focus more on the “why”.

When hiring a Salesforce architect / consultant / developer / administrator the ability to ask the right questions and decide on the most appropriate action is more valuable than knowing mechanically how to do something when asked.

Salesforce Health Check

Salesforce provide a Health Check tool which compares the security settings to a standard baseline.

I often assist Salesforce customers who have a low health check score which has been categorised as “very poor”. The administrator usually knows how to fix the issues called out as critical risks. However there is often there is a poor understanding of why action is important and the risks remain unmitigated.

Developers should know how to right good code. Yet code is often written poorly and won’t scale or is not properly tested with test methods which assert against required business outcomes.

Salesforce Data Access

When Salesforce is first licensed access to most data entities being is Public Read/Write and the external user sharing model is disabled. Leaving Sharing Settings (Org-Wide Default access controls) set this way means all users, both internal and external, who have at least Read access, can see every record.

The “how” to fix that is not complex – change the default to Private (at least for external users) and establish Sharing Rules/Sets to expand access to the minimum needed.

The “why” should be obvious too, yet frequently I find enterprise implementations where data access is more open than it should be.

Maintaining a Healthy Salesforce

Next time you run the Salesforce Health Check, Portal Health Check, Optimizer Report or Static Code Scan Report:

  1. Think about what the report is telling you
  2. Consider what options exist to mitigate any issues which are highlighted
  3. Decide which option is optimal and why
  4. Decide whether action needs to be taken and when
  5. Then take ACTION

Salesforce provides these resources to keep your organisation safe and your customers’ data safe. If risks are called out, knowing how to fix them is not enough.

It is essential to act on prioritised decisions otherwise these “instruments” won’t help keep you safe.

About the Author

Richard Clarke is the Salesforce Practice Director at PS+C Artisan. Richard has led Salesforce delivery teams in the Australia, New Zealand and the USA and applies over 20 years of enterprise software experience when delivering business value with

Richard currently holds 21 Salesforce Certificates and was first certified in 2009.