Chapter 21

Accessing the Right Data with User Permissions

IN THIS CHAPTER

Managing users over time

Planning your sharing model

Building profiles to determine access

Defining your role hierarchy

Delegating administrative duties

How can Salesforce be customized for your company so each user sees only pertinent information? You’ve come to the right chapter.

For administrators or members of your customer relationship management (CRM) project team with the right privileges, Salesforce allows you to easily configure your system so that users can access and share information according to your goals. With Salesforce, you have a variety of ways to control access and sharing of data, from system-wide sharing rules to assigning profiles. And, if you have Enterprise or Unlimited Edition, you have industrial-strength flexibility, even to the point of field-level security.

In this chapter, we show you all the steps you can take (or should consider) for configuring Salesforce to ensure that users see only what they need to see. We discuss concepts around creating the role hierarchy, assigning profiles, determining field-level security, creating users, and setting up your sharing rules.

Understanding User Administration

When Salesforce.com supplies user licenses for your organization, administrators can add users into Salesforce. You don’t have to create the roles and profiles before you add users, but we recommend doing so because Role and Profile are important fields when you’re creating a user record. In this section, we discuss various ways of creating users and managing them.

tip Not sure what roles and profiles are, but want to get started quickly? At least review the “Defining the Role Hierarchy” and “Reviewing the standard profiles” sections later in this chapter, so you understand what the out-of-the-box permissions allow.

Creating a new user

To add users, click the Setup link and follow these steps:

  1. Click the Users link under the Administer ⇒ Manage Users heading on the sidebar.

    A users list page appears.

  2. (Optional) Use the View drop-down list if you want to select from standard or custom list views of your users.

    Salesforce presets your views with three standard options: All Users, Active Users, and Admin Users.

  3. Click the New User button to add users one at a time.

    A New User page appears in Edit mode.

    tip To enter a list of users that need to be created (instead of one at a time), click the Add Multiple Users button instead.

  4. Complete the fields, paying close attention to selecting appropriate Role and Profile values.

    Select the Generate New Password and Notify User Immediately check box at the bottom of the New User page if you want the user to immediately receive an email with her username and temporary password. If you’re in the midst of an implementation, we recommend deselecting this check box and doling out passwords when you’re good and ready.

    warning If your company is just starting out with Salesforce, be cautious and don’t give all your new users the System Administrator profile. Future generations of users at your company will thank you for taking a prudent approach to configuring things in Salesforce, as opposed to allowing too many cooks into the Salesforce kitchen.

  5. Click Save.

    The User detail page appears.

Activating and deactivating users

After you’ve created a new user, you can activate or deactivate him. Activation means the user is able to log in to Salesforce and start using it. Deactivation means, well, the opposite. There is no concept of deleting a user, which helps with compliance and auditing purposes, as well as avoiding a lot of complications when it comes to historical records owned by and actions performed by that user.

To activate or deactivate a user, click the Setup link and follow these steps:

  1. Click the Users link under the Administer ⇒ Manage Users heading on the sidebar.

    A users list page appears.

  2. Click the Edit link to the left of a user’s name.

    The User Edit detail page appears for that user.

  3. Check the Active box, depending on what you want to do.

    If you see a checkmark, that means the user is active. Removing the checkmark means that user is deactivated.

  4. Click Save to save your action.

    You’re returned to the user list page.

Freezing users

What if the user you’re trying to deactivate is associated with some special settings in Salesforce (like being a default lead or queue owner)? This may take some time as you confirm with business users who the replacement assignee should be. In the meantime, the clock is ticking and you still need to prevent this user from accessing Salesforce. That’s when you can freeze a user’s record, which disables that user’s ability to access Salesforce while you perform related system administrator duties.

To freeze a user, click the Setup link and follow these steps:

  1. Click the Users link under the Administer ⇒ Manage Users heading on the sidebar.

    A users list page appears.

  2. Click the name of the user you want to freeze.

    The user’s detail page appears.

  3. Click the Freeze button.

    You’re returned to the user detail page, and the button name changes to Unfreeze. To unfreeze that user record, click the Unfreeze button.

Establishing Data Access Concepts

Before jumping into the guts of system design, take a minute to review five basic configuration elements. These will help as you begin to think about who in your company should see and edit what in Salesforce.

  • Users: These are the specific people who use your Salesforce system.
  • Sharing model: Defines the baseline, general access that users have to each other’s data. Also known as organization-wide defaults, org-wide defaults, or simply, OWDs. If you already know that certain groups should not be seeing other groups’ information, you want to start with the most restrictive sharing model and use things like the role hierarchy and sharing rules to open access to information. It’s easier to provide more access than it is to selectively restrict it.
  • Roles and role hierarchy: Define who reports to whom in your organization, for the purposes of seeing and editing information owned by others, which aids in running reports. Think of roles as a way to provide vertical access to data (that is, up and down a hierarchy). People higher up in the hierarchy are able to report on those below them in the hierarchy. For example, if you’re a manager of a team of sales reps, you’ll have a role above your team and be able to see all the account, contact, and opportunity data owned by your team. Individual sales reps, however, may not be able to see opportunity information owned by their peers. This doesn’t always have to mimic your company’s org chart exactly, however. Another example is that a sales operations analyst may not have any direct reports, but must run reports on the entire sales team. This person could share a role with the head of sales, only because of her reporting needs. Each user should have an assigned role within your defined role hierarchy.
  • Profiles: Control a user’s capability to see and access different fields within a record in Salesforce. For example, service reps will find some fields on an account record more relevant than other fields that may be very important to a marketing operations analyst. To make the service reps’ view of the account record more pertinent and less confusing, you could hide certain irrelevant fields from their view by assigning them a custom profile. You must assign a profile to each user.
  • Sharing rules: Opens up access to data for specific users or groups of users. Think of this as opening lateral or horizontal access to your data, by giving certain peer groups or individuals this exception.

You use these five elements as the primary levers to deliver the proper level of access and control for your company in Salesforce.

Defining Your Sharing Model

As an administrator or member of your CRM project team, one of your biggest decisions in Salesforce is how users will share information. A sharing model controls the level of access that users have across an organization’s information, not just up and down the chain. You can use the sharing model with the role hierarchy, public groups, personal groups, and the default access for each role to get pretty specific about what you want people to view or change. You use the organization-wide sharing model and, if necessary, public groups and expanded sharing rules in Salesforce to configure your sharing model.

tip For smaller, younger organizations, start with an open, collaborative sharing model, as opposed to a secretive sharing model in which no one knows what anyone else is doing. (A secretive sharing model sounds like any oxymoron, right? Well, it can be because if you don’t carefully think about ramifications, you could be back to where you started with giant heaps of information.) If collaboration is one of your goals, a more-restrictive sharing model can have a greater potential negative impact on end-user adoption. You can always change the sharing model in the future if people scream loudly enough. But nine times out of ten, the value of collaboration overcomes the initial concerns with users viewing other users’ data.

Setting organization-wide defaults

The organization-wide defaults (OWDs) set the default sharing access that users have to each other’s data. Sharing access determines how data created by users in a certain role or public group is viewed by users within another role or public group. For example, you many want your sales operations team to see the dollar value of won opportunities so that they can verify what was booked versus what’s listed on the signed contract, but you probably don’t want them editing the amount of that won opportunity. If any role or public group possesses data that at least one other role or group shouldn’t see, your sharing model must be private; all other levels of openness must be granted as an exception via groups (more on that later).

remember No matter which defaults you set to the sharing model, users will still have access to all data owned by or shared with users below them in the role hierarchy.

To configure the organization-wide defaults, click the Setup link and follow these steps:

  1. Choose Administer ⇒ Security Controls ⇒ Sharing Settings.

    The Sharing Settings page appears, showing org-wide defaults for several objects, as well as specific sharing rules for those objects.

  2. Click the Edit button in the Organization Wide Defaults list.

    The Organization Sharing Edit page appears.

  3. Select the desired settings.

    Click some picklists to see the different options. The options are typically Private, Public Read Only, and Public Read/Write. Some objects may have options specific to that object’s functionality, like the Calendar object, and the ability you have to set how much information people can see on others’ calendars. For example, if you want the most restrictive model, choose the following as your defaults: Private for the major records and Hide Details for Calendar. Some standard objects, like the Lead and Case objects, have extra-special powers and have an additional option, Public Read/Write/Transfer. This assumes that someone working heavily in leads or cases will often need to transfer a lead or case record that isn’t owned by him to someone else.

    remember Remember what we said about role hierarchy providing “vertical access” to data? A Private sharing setting on an object still assumes that people with a role above yours in the role hierarchy can see and report on those records. Salesforce always, by default, respects the hierarchy structure — sharing settings determine only how peers and those outside your typical chain of command see your data. For more complex sharing scenarios, you can have the option to deselect the ability to grant access to records based on role hierarchy, but, you may want to consult with Salesforce support or a Salesforce Partner before making such a complex change.

  4. Click Save.

    The Sharing Settings page reappears with your settings listed under the Organization Wide Defaults list.

Granting greater access with sharing rules

By using public groups, roles, or roles and subordinates, you can create sharing rules to extend access above and beyond the organization-wide defaults. For example, if your default sharing model is read-only but you want a group of call center agents to have edit privileges on account records, you could do this with a custom sharing rule.

To add a sharing rule and apply it to your data, click the Setup link and follow these steps:

  1. Click the Sharing Settings link under the Administer ⇒ Security Controls heading on the sidebar.

    The Sharing Settings page appears.

  2. Scroll down and click the New button next to any of the standard or custom object Sharing Rules lists, as shown in Figure 21-1.

    All lists operate much the same but relate to different records. A Sharing Rule setup page appears for your selected record.

  3. Use the drop-down lists to define the data you want to share and the related roles or groups that you want to share that data with, as shown in Figure 21-2.

    For example, you may want to grant your customer support team read/write privileges to account data owned by all internal users. You can apply the sharing rule based on types of users who own the record, or create other filter criteria.

  4. Click Save.

    The Sharing Settings page reappears with your new rule listed under the appropriate related list.

image

FIGURE 21-1: Adding a new sharing rule.

image

FIGURE 21-2: Showing a sharing rule.

tip When you add a new sharing rule, Salesforce automatically reevaluates the sharing rules to apply the changes to all your records. If your modifications are substantial, you’ll be warned with a dialog box that the operation could take significant time, and Salesforce will email you when complete. When you click OK, the dialog box closes, and the Sharing Settings page reappears. Use the Recalculate button in the appropriate related list to manually apply the changes when you’ve made modifications to groups, roles, or territories.

Setting Up Profiles

In Enterprise and Unlimited editions of Salesforce, you can use profiles to control a user’s permission to view and perform many functions. Roles and sharing rules determine which objects a person sees, and whether she can make changes to that object. A profile determines what details a person sees on that object. Depending on which edition you’re using, you can use profiles to

  • Define which page layouts a user will see
  • Control field-level access
  • Determine the apps viewed by a user
  • Alter the tabs displayed to users
  • Make record types available to certain users
  • Secure certain login settings

Reviewing the standard profiles

Most editions of Salesforce come with five or six standard profiles, which can’t be altered except for the tab settings. The number of standard profiles may differ depending on the types of Salesforce licenses your organization has purchased. Newer organizations can stick to standard profiles and address their company’s basic requirements related to user access. If you have Group or Professional Edition, you can’t actually view the settings on the standard profiles.

If you have Enterprise or Unlimited Edition, choose Setup ⇒ Administer ⇒  Manage Users ⇒ Profiles to see your profiles. Otherwise, here’s a brief explanation of the more common standard profiles for Salesforce license types and how they’re typically applied:

  • System administrators have full permissions and access across all Salesforce functions that don’t require a separate license. You’d typically grant this level of control only to users administering the system or who play a critical part in configuring and customizing Salesforce.
  • Standard users can create and edit most record types, run reports, and view but not modify many areas of the administration setup. If you can’t create custom profiles, you’d probably choose to assign sales reps to the standard user profile.
  • Solution managers have all the rights of standard users and can review and publish solutions.
  • Marketing users have all the rights of standard users and can perform a variety of marketing-related functions, including importing leads and managing public documents and email templates. If your Salesforce edition has campaigns, marketing users can also administer campaigns.
  • Contract managers can add, edit, approve, and activate contracts. They can also delete nonactivated contracts.
  • Read only is just what its name implies. Users assigned to this profile can view data and export reports but can’t edit anything.

remember Profiles never conflict with your organization’s sharing model or role hierarchy. For example, a Standard User profile allows a user to create, edit, or delete leads, but if your sharing model is read-only for leads, the Standard User won’t be able to delete leads owned by others.

tip Over the years, Salesforce.com has expanded the types of licenses you can buy, to better accommodate your organization’s users and how often and what they need to access in Salesforce. To get the latest comprehensive list with definitions, click the Help link from within any Salesforce page and type license types into the search bar.

Creating custom profiles

If you have Enterprise or Unlimited Edition, you can build custom profiles that provide you greater flexibility than the standard permissions granted to users and the layouts that they see. For example, you may want to create a custom profile for your finance team so that only users with that profile can edit check boxes on the opportunity that track whether certain signed forms have been submitted when you close a deal. See Chapter 17 for details on creating custom layouts and record types.

To create a custom profile, you can start from scratch, but we suggest cloning and modifying an existing profile by following these steps:

  1. Choose Setup ⇒ Administer ⇒ Manage Users ⇒ Profiles.

    The User Profiles page appears. You can see which profiles are standard or custom ones based on which ones have the Custom box checked.

  2. Click the Standard User link in the Profile Name list.

    The Profile: Standard User page appears. In practice, you can clone from any of the profiles, but by starting from the Standard User profile, you can simply add or remove permissions.

  3. Click the Clone button.

    The Clone Profile page appears.

  4. Type a title in the Profile Name field and then click Save.

    The Profile page for your new profile appears.

  5. Click the Edit button to modify the permissions, as shown in Figure 21-3.

    The Profile Edit page appears.

    tip Salesforce packs a plethora of possible permissions into a profile page. Some of those permissions aren’t obvious; others are dependent on your selecting other permissions. If you have questions as you’re working through the Profile Edit page, click the Help for This Page link in the upper-right corner of the page to go directly to the relevant Help documentation. If you place your cursor over the i icon, located next to certain Administrative Permissions on the Profile Edit page, rollover text appears with tips on other required settings.

  6. Under the Custom App Setting section, determine which standard and custom apps are visible for a profile and which one is the default.

    This determines the content of the Force.com app drop-down list.

  7. Under the Tab Settings section, use the drop-down lists to determine the tab settings for your new profile.

    Choose from the three possible options:

    • Default On: You want a tab to be displayed.
    • Default Off: You want a tab not to appear while still allowing a user assigned to the profile the choice to turn the tab back on. For example, if you created a profile for sales reps and you want to hide the Contracts tab but give the rep the option to display it, select Default Off on the Contracts field.
    • Tab Hidden: You want the tab to be hidden without an option for the user to turn the tab back on. For example, if your company isn’t going to use cases, you may decide to hide the tab.

    remember Making a tab hidden in a user’s profile doesn’t prevent the user from accessing those records (in reports, for example). To prevent a user from accessing a particular type of record altogether, remove the Read permission on that type of data from the Object Permissions sections of the page.

  8. (Optional) Select the Overwrite Users’ Personal Tab Customizations check box if you want to overwrite the user’s current personal customization settings with the settings for the new profile that you’re applying.

  9. Under the Administrative Permissions header, select or deselect check boxes to modify administrative permissions from the profile.

    Most of these settings are designed for administrators, but some of these may be important, depending on your goals for a custom profile. For example, if you want to build a manager’s profile, you may want to retain permissions such as Manage Public Reports and Manage Public List Views so that managers can create public reports and list views for their teams.

  10. Under the General User Permissions header, select or deselect check boxes to modify common user permissions from the profile.

    For example, if you don’t want sales reps to be able to export customer data to a file, you could create a custom profile for reps and remove the Export Reports setting.

  11. Under the Standard Object and Custom Object Permissions headers, select or deselect check boxes to modify standard or custom object permissions from the profile.

    For example, if you don’t want support reps to be able to modify opportunities, you could create a custom profile for support reps and select only the Read check box in the row for opportunities.

  12. Click Save.

    The Profile page reappears for your new profile. Your new profile will now appear the next time you follow the instructions in Step 1.

  13. Click the View Users button if you want to assign users to the profile.

    A Custom: Custom Profile Name list page appears in which you can view, add, or reset passwords for users in the profile.

image

FIGURE 21-3: Previewing a Profile Edit page.

Defining the Role Hierarchy

Think of a role hierarchy as the Salesforce system’s data-access trickle-down org chart: If you’re assigned to the role at the top of the chart, you have full access to your own data, and that privilege trickles down to the data of everyone below you in the hierarchy — and life is good.

tip When you’re constructing your hierarchy, don’t confuse your actual company org chart with the role hierarchy. Role hierarchy is all about access to data to perform your duties in Salesforce and how you want to organize certain sales-related reports. As such, hierarchies often have fewer layers than a typical org chart. For example, if your executive team will be users, you might simply create a role called Executive Team, assuming that many of those users will have similar trickle-down viewing and editing privileges.

You can use the role hierarchy in Salesforce as a primary method to control a user’s visibility and access to other users’ data. After you assign a role to a user, that user has ownerlike access to all records owned by or shared with subordinate users in the hierarchy. For example, if you set up a hierarchy with a Sales Rep role subordinate to a Sales Manager role, users assigned to Sales Manager would have read and write access to records owned by or shared with users in the Sales Rep role.

To set up your company’s role hierarchy, click the Setup link in the upper-right corner and follow these steps:

  1. Choose Administer ⇒ Manage Users ⇒ Roles.

    The Understanding Roles page appears, and you see a sample hierarchy, as shown in Figure 21-4.

    tip To select a different sample hierarchy, make a selection from the View Other Sample Role Hierarchies drop-down list.

  2. Click the Set Up Roles button.

    The Creating the Role Hierarchy page appears.

  3. (Optional) To select a different view of the hierarchy, make a selection from the drop-down list on the right side of the page.

    Salesforce provides three standard views for displaying the role hierarchy: tree, list, and sorted list. For this example, we’re opting for the default, Tree view.

  4. In Tree view, click the Add Role button at the place in the hierarchy where you’d like your new role to appear.

    A Role Edit page appears for the new role.

  5. Complete the fields.

    The fields are pretty obvious, but here are some tips:

    • This Role Reports To: Use this lookup field to define the role’s place in the hierarchy. Because the lookup field is based on roles you already created, add roles by starting at the top of your hierarchy and then working your way down, as shown in Figure 21-5.
    • Contact, Opportunity, and Case Access: Select these options that fit your company’s objectives. (You may not see these fields if you have a very public sharing model — more on that in the following section.) You can provide an account owner with read-write access to related opportunities or cases that she doesn’t own, has view-only access to, or has no access to. This flexibility comes in handy in heavily regulated industries, in which you might have to prevent an account executive from knowing about certain deals or issues going on with her account.
  6. Click the Save button or the Save & New button.
    • Save: The Role: Role Name page appears, displaying the detail information you just entered and listing any users in this role. From the users in the Role Name Role detail list, you may also assign existing users to this role or create new users with this role. (Check out the section “Creating a new user,” earlier in this chapter.)
    • Save & New: A New Role page appears, and you can continue building the hierarchy. Repeat Steps 2–6 until your hierarchy is done.
image

FIGURE 21-4: Seeing a sample role hierarchy.

image

FIGURE 21-5: Creating a new role in the hierarchy.

Using Other Security Controls

Beyond the major configuration settings (such as roles, profiles, and sharing model), as an administrator, you have other settings for managing the use and security of your data in Salesforce. You can find these features by choosing Setup ⇒ Administer ⇒ Security Controls.

In the following sections, we discuss how to manage field-level access and delegate a subset of administration to others.

Setting field-level security

If you have Enterprise or Unlimited Edition, you have three primary ways to control access to and editing of specific fields: profiles (which we discuss earlier in this chapter), page layouts (Chapter 17 covers these), and field-level settings (stay right here for the details). With field-level security, you can further restrict users’ access to fields by setting whether those fields are visible, editable, or read-only.

To view and administer field-level security, click the Setup link and follow these steps:

  1. Choose Administer ⇒ Security Controls ⇒ Field Accessibility.

    The Field Accessibility page appears, listing all objects.

  2. Click the link for the type of record for which you want to view and manage field-level security.

    A Field Accessibility page for the selected record type appears, as shown in Figure 21-6. For example, click the Account link if you want to review the security settings on account fields.

  3. Under the Choose Your View header, click the View by Fields link.

    The Field Accessibility page appears with a Field drop-down list. If you want to see a different view of this information — in which you get to see one profile and the security levels for all the fields for the selected data type — click the View by Profiles link.

  4. Select a field from the Field drop-down list.

    The page reappears with a table displaying your company’s profiles and the profiles’ accessibility to the selected field.

  5. In the Field Accessibility table, click a link in a cell in the Field Access column to edit the profile’s field access for a specific record type.

    An Access Settings page for the selected profile and selected field appears, as shown in Figure 21-7. If you want to modify access for all profiles associated with the page layout assigned to this profile, you can also adjust that here.

  6. Select the check boxes to modify the field-level settings, and then click Save.

    The Field Accessibility page for the selected record type reappears.

image

FIGURE 21-6: Preparing to view field accessibility.

image

FIGURE 21-7: Modifying field-level access on a profile.

remember If you modify a field-level security setting for a profile by deselecting the Visible check box, this means that the record related to that field is still searchable. The field will never be viewable to a person with that profile, so that person won’t be able to create reports or search using it, but he can use reports created by others that leverage that field. So, if an account — say, ABC Corp. — had its Employees field filled out with the number 1001, but that field was not visible to Watson, who has the Standard User profile, Watson could still run a report created by Holmes, who, with a different profile, was able to customize a report looking for all accounts where the Employees field was greater than 1000. In that report, ABC Corp. would be listed and Watson would see ABC Corp., but he would not see the Employees field in the output. Watson would also not be able to customize a report using the Employees field because he can’t see it to modify a query.

tip If you need to provide someone with similar access to records as an existing user, with the exception of visibility to a few fields, we recommend that you do this via field-level security on a new custom profile, versus removing the field from the page layout. It may not be visible on a page, but that field is still visible elsewhere in Salesforce — like when creating and running reports and list views. Even if you’re not strict about a group of people not seeing a field, field-level security can help reduce end-users seeing an overwhelming number of fields that they have to wade through when creating reports.

Delegating administration

As an administrator for your growing world of Salesforce users within your company, you hold the key to who accesses your Salesforce instance. You shouldn’t try to cut corners by making everyone system administrators just because you’re annoyed each time people bug you to add a new user, or because they get impatient about your asking “Why?” in response to their requests.

Salesforce allows you to delegate some administrative duties to nonadministrators. Delegated administrators can help you create and edit users in roles you specify, reset passwords for those users, assign users to certain profiles, and manage certain custom objects. For example, if your marketing department is growing quickly, you may want to allow a manager in the Marketing Manager role to add new marketing users to Salesforce who need the Marketing User profile.

remember With more users and different groups that need access to the same object, be cautious in granting delegated administration permissions to users for specific custom objects. Usually this will result in changes being made that benefit one group at the expense of another, and you’re left to diplomatically mend strained relationships. It’s your responsibility as a system administrator to have a holistic understanding of how system changes will affect all your users.

To delegate administration, you must first define the groups of users to whom you want to delegate these new privileges. Then you have to specify what you want those newly delegated administrators to do. To define delegated administrators, follow these steps:

  1. Choose Setup ⇒ Administer ⇒ Security Controls ⇒ Delegated Administration.

    The Manage Delegated Groups page appears.

  2. Click New.

    The Edit Delegated Group page for the new delegated group appears.

  3. Enter the Delegated Group Name.

    In our example, we selected Sales Operations.

  4. Click Save.

    The Delegated Group page for your new group appears.

  5. Click the Add button in the Delegated Administrators related list to specify which users will belong in this group.

    The Delegated Administrators page appears.

  6. Use the Lookup icons to find and add users to this group.

  7. Click Save.

    The Delegated Group page for your group reappears.

  8. To specify which roles and subordinate roles a delegated administrator can manage, click the Add button in the User Administration related list.

    The Roles and Subordinates page appears.

  9. Use the Lookup icons to find and add roles that your delegated group may manage.

  10. Click Save.

    The Delegated Group page for your group reappears.

  11. Click Add in the Assignable Profiles related list to specify which profiles these delegated administrators may assign to users.

    The Assignable Profiles page appears.

  12. Use the Lookup icons to find and add profiles that your delegated group may assign.

  13. Click Save.

    The Delegated Group page for your group reappears.

  14. Click Add in the Custom Object Administration related list to specify which custom objects and related tabs a delegated administrator may manage.

    The Custom Object Administration page appears.

  15. Use the Lookup icons to find and add custom objects that your delegated group may assign.

  16. Click Save.

    The Delegated Group page for your group reappears.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset