Set Session Security Policy to Secure Access to Editing Roles

You can now require that users have a high-assurance session level before allowing them to access role settings in the Roles Setup page, the UserRole object, and the Role object in Metadata API. Setting a high-assurance session level helps secure sensitive operations. These settings apply only to users who have user permissions to access these operations. If users have a high-assurance session after logging in, they aren’t prompted to verify their identity in the same session, even if you require high assurance for sensitive operations.

Where: This change applies to Salesforce Classic and Lightning Experience in all editions.

How: From Setup, enter Identity Verification in the Quick Find box, then select Identity Verification. Locate the Session Security Level Policies section, and update the Manage Roles setting.