View Categories

Setting Up New Staff

To give new staff access to Public House, you’ll need to:

  1. Assign the correct Salesforce Profile and Permission Sets.
  2. Grant them access to your cloud storage applications folder (e.g., Google Drive, Dropbox, Box, or AWS).

Tip: Don’t forget to remove access when staff leave your organization.

Salesforce Access

Profiles

Assign one of the following Salesforce profiles to each new user:

  • HomeKeeper Administrator
  • HomeKeeper Users
    Or an equivalent profile with similar object and Field access.

Set the Profile from the User record in Salesforce Setup.

Permission Sets

Required for all users:

  • Public House API
  • PHA Unmanaged Package Permissions
  • HomeKeeper User
  • HomeKeeper User – Unmanaged

Additional (only if user needs to view the Social Security Field):

  • View Encrypted Fields

Assign Permission Sets in:
Salesforce Setup > Permission Sets > [Select Set] > Manage Assignments

Cloud Storage Permissions

Staff need access to your cloud storage applications folder to view uploaded applicant files in Public House.

Finding Your Applications Folder Name
In Salesforce, go to:
Public House App > PH Setup > Cloud Storage
You’ll see the folder name listed there.

Google Drive / Dropbox / Box

  1. Log into your cloud storage platform.
  2. Navigate to your applications folder.
  3. Right-click and choose Share or Manage Access.
  4. Enter the staff member’s email address and send the invite.

After they accept the share, they’ll be able to view uploaded files through Public House.

AWS

  1. Create an IAM User
    Go to AWS IAM and create a new user for the staff member.

2. Create an IAM Policy

  • Go to the IAM service in the AWS Management Console
  • Navigate to Policies and click Create policy
  • Switch to the JSON editor
  • Paste the following policy, replacing placeholders with your actual values: 
  • Use the policy below to give access to your folder:
    {
        "Version": "2025-01-01",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetObject",
                    "s3:PutObject",
                    "s3:DeleteObject"
                ],
                "Resource": "arn:aws:s3:::your-bucket-name/your-folder-name/*"
            },
            {
                "Sid": "AllowListBucketOfASpecificUserPrefix",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": "arn:aws:s3:::your-bucket-name",
                "Condition": {
                    "StringLike": {
                        "s3:prefix": [
                            "your-folder-name/*"
                        ]
                    }
                }
            }
        ]
    }

Replace your-bucket-name and your-folder-name with your actual S3 values.

3. Attach the Policy to the IAM User

  • Go to IAM > Users, select the user, then go to the Permissions tab.
  • Click Add permissions > Attach existing policies directly.
  • Search for the policy you just created and attach it.

The user will now have permission to list, read, upload, and delete files only in your designated folder.