Data security is a major concern for everyone, and everyone wants their data to be in safe hands. This blog gives a brief overview of how data security is handled in Salesforce.
Mainly there are 4 aspects of data security in Salesforce:
- Organization Level Security
- Profile Level Security
- Field Level Security
- Record Level Security
1. Organization Level Security
Organization-level security determines which users can log in to Salesforce. Here we protect our data at the broadest level by creating and managing users, setting password policies, and limiting when and where users can log in.
Some of the ways to control access at the organization level:
- Password policies.
- User password expiration.
- User password resets.
- Login attempts and lockout periods.
- Whitelist Trusted IP Ranges for the Organization.
- Restrict Login Access by IP Address Using Profiles.
- Restrict Login Access by Time.
2. Profile Level Security
Profile-level security controls the objects and fields, applications, page layouts, etc. that a user has access to. It mainly governs the CRED operations a user can perform or be assigned.
We can set profile level security through:
- Permission Set
A profile is a collection of settings that define what data and features a user can access on the platform. One can control access to objects, applications, VF pages, page layouts, etc.
A permission set is a replica of a profile that is used to grant additional access to objects, tabs, applications, etc. to a user. Permission sets cannot reduce any access; they can only be used to grant additional access to a user.
3. Field Level Security
Field-level security refers to the security we apply to fields. It determines whether a user can edit, see or delete the value of a particular field.
Field level security can be set via:
- Profile and Permission Set (under the Users section)
- Field Accessibility (under the Security section)
- Object Manager
- Page Layout
Field Level Security via Profile and Permission Set
- Go to Setup
- In the Quick Find box, search for profile/permission set. Both come under the Users section.
- Select a particular profile and scroll down to the standard or custom field-level security section.
- Click on the View link of any object; it will redirect you to the page that lists all fields of the chosen object.
- Click on Edit and set field-level security using the two choices available, i.e. Read access or Edit access.
Field Level Security via Field Accessibility
- The Field Accessibility option comes under Security in Setup.
- Choose the object for which you want to view or edit field accessibility.
- Select the ‘View by fields’ option and then select the field for which you want to view or edit accessibility.
- This will show a list of fields according to the profiles, and you can set accessibility as per their profiles and assigned record types.
Field Level Security via Object Manager and Page Layout
- From Setup, click Object Manager and select any object.
- In the Fields and Relationships section, select the field for which you want to view or edit accessibility.
- Field level security gives us two options in case of Page layout:
- Read Only
Field Level Security via Page Layout
- We can also apply field level security via page layout.
- In Object Manager, click on any object and select Page Layout from the left section.
- Select any of the available page layouts.
- Go to any field and click on the wrench icon to apply field properties on the UI.
- Clicking it opens a pop-up window which shows two options:
- Read Only
4. Record Level Security
This level covers the security we can apply to records in a Salesforce org. With record-level security, one can define which records are accessible to users in different profiles or roles throughout the Salesforce org.
There are the following ways we can share records between users:
- OWD (Organization-Wide Defaults)
- Role Hierarchy
- Sharing settings
- Manual Sharing
OWD defines the record security for each object. It is the baseline in terms of record-level security. One must always set the OWD as restrictive and open up access through the other solutions available for record-level security.
The OWD section comes under Sharing Settings in the Security section in Setup.
Role hierarchy in Salesforce means that the user at the top has access to all of the users below. It follows a top-down approach: a user does not have access to the users above, only to the users below their level in the defined role hierarchy. The role hierarchy grants this access automatically.
As mentioned above, the role hierarchy follows a top-down approach, whereas sharing rules provide record-level access to those who are at the same level in the role hierarchy. Sharing rules are used to provide horizontal access. Sharing rules can be applied to standard and custom objects.
We can create sharing rules by navigating to the OWD section; below it there is a section where we can create a sharing rule for every object present in the org.
With manual sharing, we can share records manually with individual users, roles, or public groups. It is available to record owners, their managers, and system admins.
If a user does not have access to a record owned by another user, the owner of the record can manually share the record with that user.
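As an added example (not from the original blog and not Salesforce's own logic), the following Python code is a simplified model of how the four record-level mechanisms described above layer on top of each other for read access. The users, roles and function names are constructed for illustration, and the OWD values "Private" and "Public Read Only" are assumed here because the blog does not list them.

```python
from dataclasses import dataclass, field

# Constructed sample org (hypothetical names): role -> parent role, user -> role.
ROLE_PARENT = {"CEO": None, "VP Sales": "CEO",
               "Rep East": "VP Sales", "Rep West": "VP Sales"}
USER_ROLE = {"carol": "CEO", "victor": "VP Sales",
             "erin": "Rep East", "wes": "Rep West", "xena": "Rep West"}

@dataclass
class Record:
    owner: str
    manual_shares: set = field(default_factory=set)  # users the owner shared with

def is_above(role, other):
    """True if `role` sits above `other` in the role hierarchy."""
    parent = ROLE_PARENT.get(other)
    while parent is not None:
        if parent == role:
            return True
        parent = ROLE_PARENT.get(parent)
    return False

def access_reason(user, record, owd="Private", sharing_rules=()):
    """Return which mechanism lets `user` read `record`, or None if denied.

    sharing_rules holds (owner_role, shared_with_role) pairs.
    """
    if user == record.owner:
        return "owner"
    if owd != "Private":                      # baseline already open to everyone
        return "owd"
    u_role, o_role = USER_ROLE[user], USER_ROLE[record.owner]
    if is_above(u_role, o_role):              # vertical, top-down access
        return "role hierarchy"
    if (o_role, u_role) in sharing_rules:     # horizontal access between roles
        return "sharing rule"
    if user in record.manual_shares:          # one-off grant by the owner
        return "manual share"
    return None

if __name__ == "__main__":
    lead = Record(owner="erin")
    for u in USER_ROLE:
        print(u, "->", access_reason(u, lead))
```
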