Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Contact Support
  • Home
  • Admin Manual
  • Administrative Tasks to Maintain Your HomeKeeper

Security and Permissions

Written by Kathryne LeBell

Updated at May 16th, 2025

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Getting Started with HomeKeeper
  • User Guide and Tutorials
    Application Tracking Homebuyer Management Post-Purchase Monitoring and Stewardship Counseling and Education Property Development and Tracking
  • Training and Events
  • Admin Manual
    Release Notes Administrative Tasks to Maintain Your HomeKeeper
  • Featured Articles
+More

Table of Contents

HomeKeeper Default Access Security Terms Permission Sets Overview HomeKeeper Access without System Admin Permissions Profiles Overview Restrict Access Using Profiles Further Reading & Resources

Salesforce and HomeKeeper offer a variety of tools to give you control over who can access which pieces of data. Some of these tools are better for granting access, while others are better for revoking access. This article discusses HomeKeeper's default access and provides an overview of these tools and how to use them.

NOTE: This Salesforce Trailhead module provides an in-depth review of Salesforce Security Basics (recommended for all HomeKeeper Admins). 

 

HomeKeeper Default Access

HomeKeeper is designed to function best with this open access for everyone. Attempting to limit access to certain objects or fields is possible, but can cause certain features to behave incorrectly. Backend automations sync information across records, and limited access can break that automation. 

You may want to restrict access to align with your business processes. For example, if you have volunteers working in your instance, you may want to restrict their access to preserve sensitive client information.

In the rest of this article, we'll review the methods you can use to restrict access to give you a better sense of what your users are able to do. If you use these tools and run into any errors, please submit a HomeKeeper support ticket so that we may review it with you.

Security Terms

First, we'll define some security terms that will come up throughout the rest of this article:

NOTE: Your primary tools for managing access in HomeKeeper will be Permission Sets and Profiles. 

 
  • Permission Sets: These are the simplest way to grant access. If someone has a restrictive profile and you want to give them access to something, it is best to create a permission set and assign to them to grant access. This is Salesforce's recommended tool to provision access.
  • Profiles: These are the simplest way to restrict access. Every user has a profile assigned to them, and each profile has a list of things it can and cannot access.
  • Organization-Wide Sharing Default (OWD): Your Salesforce org can be configured to restrict access to specific records by ownership (i.e. if a user “owns” a Service File, other users wouldn't be able to edit it). As mentioned above, this is not how we configure HomeKeeper and we generally recommend against setting more restrictive OWDs, as it can cause certain features to behave incorrectly.
  • Record Ownership: When a user creates a record, they become the owner of that record. It can also be manually reassigned using the ‘Change Owner’ button on the record.
  • Object-Level Security: This determines access to an object. Can the user view it, edit it, delete it? This is all determined by object-level security.
  • Field-Level Security: This determines access to specific fields on an object. If a user does not have access to view that field, it will not show up when they access the object that its on. If they do not have edit access, they'll be able to view it but be unable to make changes to it.

Permission Sets Overview

Permission Sets are the best tool for granting access in Salesforce.

The default HomeKeeper Administrator profile grants access to all HomeKeeper objects and fields, but maybe you have assigned a more restrictive profile and want to ensure access to something for an individual. Creating a new profile for every exception can sprawl very quickly and is time-consuming - permission sets are more flexible.

EXAMPLE: You have a volunteer who has been assigned the more restrictive custom ‘HK Volunteer’ profile. However, you need this volunteer to be able to access “Applicant Income,” which is not accessible via the Profile. Assigning them a permission set with that access allows them to access that one additional Object without having to create an entirely new profile.

 

There are permission sets built into HomeKeeper that grant access to all HomeKeeper fields and objects. This allows you to limit System Administrator functions (creating/deleting users, deleting records, adding new fields/objects, etc.) without limiting access to HomeKeeper. Below are step-by-step instructions for setting this up.

To view permission sets, enter ‘Permission’ into the Quick Find box in Setup and click ‘Permission Sets’.

Avoid making any changes to the HomeKeeper User and HomeKeeper User - Unmanaged permission sets, as these are designed to grant access to all HomeKeeper objects. If you wish to limit access to an object in HomeKeeper it would be best to create a new profile, as described below.

Permission Sets allow you to adjust all of the same settings as the profile, but they can only grant access, not restrict it. If a user has a more permissive profile, it doesn't matter if a setting isn't checked in the permission set. The profile grants them access, so they have access.

To view all of the users that have been assigned a permission set, or to mass assign a permission set to multiple users, click the ‘Manage Assignments’ button. To view all of the settings impacted by a permission set, click the ‘View Summary’ button:

HomeKeeper Access without System Admin Permissions

You may wish to limit the number of users with System Administrator-level access. This is a smart move, especially if you have a large number of users. This is very easy to manage with permission sets.

Create a new profile for your general users. Clone the existing ‘Standard User’ profile and name it something like ‘HomeKeeper User’

  1. Once you've created the new profile, assign any non-System Administrator users to the new profile. You will need to do this from the User menu.
  2. After the users are assigned their new profile, find the HomeKeeper User permission set. Click ‘Manage Assignments’ and assign this permission set to all of the users on the new profile.
  3. Repeat this process for the HomeKeeper User - Unmanaged permission set.

You now have limited access to System Administrator functions, without removing access to any HomeKeeper objects or fields!

Profiles Overview

Check out this Salesforce article on profiles. Every user in your system requires a profile, which will most likely be the HomeKeeper Administrator profile. 

HomeKeeper provides one default profile - the HomeKeeper Administrator profile. This is our custom profile created for HomeKeeper Usage. By default, it has read access to all objects and fields, edit access to most objects and fields, and administrator abilities such as creating new users and fields. 

  • This is the recommended Profile for all users who will be entering data into HomeKeeper.
  • Your administrator may have added additional custom profiles for additional security based on your organization's needs.

You can view all your users' currently assigned profiles from the User menu in Setup:

To view the specifics of a profile, you can click on it from the User menu or type ‘Profile’ into the Quick Find bar in Setup to view a list of all profiles in your instance. There are several pre-populated standard profiles that you will most likely not use, as they don't have access to HomeKeeper objects.

When you click into the profile, you'll be able to view all of the settings managed by that profile. These include many general system permissions, object access, and more. Be cautious when editing these settings as they can have wide-ranging effects. 

Editing Profiles: If you need to make changes to the HomeKeeper Administrator profile, we strongly encourage that you clone it and make those changes to a new profile. This ensures that if a setting is accidentally changed, you can revert back to the original profile if necessary. Clone an existing profile by clicking the ‘Clone’ button at the top of the page.

 

Restrict Access Using Profiles

To restrict access to an object or field using profiles, click on ‘Object Settings’ in the profile overview. This will show you a list of all the objects in your instance. Find the one that you wish to edit; if adjusting a field, find the object that the field is on.

Once you've clicked in, you'll see the following menu. Click ‘Edit’ to make any changes:

  • Unchecking ‘Read’ under Object Permissions hides all records of this object type from any users assigned to this profile.
  • Unchecking ‘Create’ means that they can view and edit existing records but cannot create new ones.
  • Unchecking ‘Edit’ means that they view existing records, but cannot edit or create new ones.
  • Unchecking ‘Delete’ removes the ability to delete records.

Further down on the page, you'll see field permissions. These allow you to control access at the field level:

  • Unchecking ‘Edit Access’ means that any user assigned this profile can view the field but not make changes to that field.
  • Unchecking ‘Read Access’ hides the field entirely.

Once you've made your desired changes, scroll back up to the top of the page and click ‘Save’:

You can restrict access to multiple objects on the same profile, and it's best to limit the number of profiles you create, as they can quickly sprawl. 

Warning: As mentioned above, restricting access can lead to errors and unusual behavior in HomeKeeper. Before restricting access, you should have a clear understanding of why you're restricting it and anticipate potential issues.

For example, if you limit access to ‘Income Sources’, users will encounter the following error on the Applicant Info tab:

 

Further Reading & Resources

Security in Salesforce is a very complicated topic. We designed security in HomeKeeper to be as easy as possible, but if you find that the more open approach is not suiting your organization's business needs, there are options available for you. We encourage you to review the following resources before making too many changes:

  • Secure Your Environment Salesforce Trailmix
  • This Salesforce Security Implementation Guide provides an even more thorough review of Salesforce security settings
admin guide setup security permissions

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Troubleshooting Errors when Submitting to HUD
  • How to Add the Latest HUD Activity Type to HomeKeeper

Copyright 2025 – groundedsolutions.

Knowledge Base Software powered by Helpjuice

Expand