Question

I am working on an implementation in Salesforce for a customer which involves setting up partner module. We cannot setup access rights on User object standard fields based on profiles, and using partner login info, you can access all user info from Dataloader or Apex Explorer, which looks like a security hole in Salesforce.

Does anyone faced this issue before or has a workaround?

Answer 1

https://test.salesforce.com versus https://login.salesforce.com. Even if you use the same password, the token may be different, or the password may have expired.

Maybe admin disabled logging in from generic addresses in Setup -> My Domain, requiring you to go to https://mydomain—mysandboxname.my.salesforce.com/...?
Maybe the admin had everyone use Single Sign-On, and you can't use your SF username and password anymore.
There may be IP addresses that are restricted or login hours that have been defined.

Hope this helps!

Enroll for Salesforce Training today.

Thanks!