Control Who Can Change Encryption Policies

Sometimes you want only certain individuals on your admin team to complete encryption tasks. If these tasks involve handling encryption key material and managing encryption policies, you can restrict encryption policy tasks to users with the Manage Encryption Keys permission.

Where: This change applies to Salesforce Classic, Lightning Experience, and all versions of the Salesforce app in Enterprise, Performance, Unlimited, and Developer editions.

Who: To restrict access, you need the Manage Encryption Keys permission.

Why: The Advanced Settings page has one setting to specify which security admins can handle encryption tasks, and which can continue to focus on other security-related admin jobs. You don’t have to touch the permission sets and role assignments that you spent so much time and effort on.

How: From Setup, enter Platform Encryption in the Quick Find box, and click Advanced Settings. Then select Restrict Access to Encryption Policy Settings.