

    SALESFORCE SECURITY MODEL - PROFILES, ROLES AND USERS

    Profiles, roles and users are the key components of the Salesforce security model. Salesforce provides a comprehensive and flexible data security model so that you can protect your data and control access to it.

    This is achieved by applying security at three different levels: the object level, the field level and the record level. These levels follow the way data is stored in Salesforce, so securing all three ensures that the data in an organization is secure.

    Now let's discuss the various levels of access in Salesforce.

    SALESFORCE SECURITY MODEL

    Salesforce regulates access at different levels to secure data and its accessibility. The levels of access are:

    1. Org access, or organization-level access: here Salesforce regulates access to the entire organization by maintaining a list of authorized users etc., as in the above diagram.
    2. Object-level access.
    3. Record-level access.
    4. Field-level access.
    CONTROLLING DATA ACCESS WITH THE SALESFORCE PLATFORM
    • Start with users. Then comes object-level security, which defines which objects are visible to a user. For example, say you have three objects: Candidate, Position and Offer. The user is able to view Candidate and Position but doesn't have access or visibility to Offer. This is controlled by object permissions, which are present in profiles.
    • Next is field-level security, which defines which fields on an object are available to the user. For example, the Candidate object has three fields: first name, last name and home phone. First name and last name are visible to the user but home phone is not. This is how you restrict the access or visibility of certain fields, and it is done using field permissions.
    • Next is record-level security, which defines which records are hidden from the user by default. This is controlled by organization-wide defaults (OWDs). For example, if the Candidate object is set to private, a user can only view his own records. If the Position object is set to read only in the OWDs, a user can view other users' data but cannot edit or delete the other records.
    • While OWDs restrict, or set the default for, which user can view which record, you can expand access to these records using role hierarchies, sharing rules and manual sharing. These define what exceptions should be made so that the user can view more than what is set as the default.
    CONTENT IN SECURITY MODEL

    The security model comprises:

    1. Profiles
    2. Permission Sets
    3. Roles
    4. Organization wide defaults
    5. Sharing Rules
    6. Manual sharing.
    On top of the baseline object permissions there are the OWDs (organization-wide defaults). The OWDs set the default restrictions that a user has, i.e. whether data is public read/write, public read-only or private. Private is the most restrictive setting: a user is only able to view his own data and not any other user's data. Public read/write means that a user can view any other user's data and make changes to it.

    Next you have the role hierarchy, sharing rules and manual sharing, which are used to open up access to a user beyond the baseline object permissions and the OWDs.

    PROFILES

    Now let’s discuss the profiles

    Profiles define how users access objects and data and what they can do within an application. Every user in a Salesforce organization must have a profile associated with them. There are two things a profile does which you need to keep in mind:

    First, a profile determines which applications, tabs and objects a user can access. The second important point is the permissions that the user has on an object, which are read, create, edit and delete; that is, whether the user can create a record in an object, delete a record, edit it and so on.

    Now try to visualize this through the above diagram:

    As you can see in this table, everything marked in red is a profile. For example, you have three profiles here: faculty, fresher and management. Take this as a school management system application, with an object called student. On the student object the faculty profile has read, write, edit and delete, while on the fees object faculty doesn't have any permission.

    Look at the fresher profile: for the student object, fresher has only read access, which means that a user with the fresher profile cannot write, edit or delete the record.

    A user with the faculty profile, on the other hand, can read, write, edit and delete that record. So the profile defines what the user can do on an object in a Salesforce org.

    Let's look at some standard profiles:

    ROLES

    Profiles tell what you can do to records, that is, whether you can read, write or delete a record. Roles, unlike profiles, define which records a user can see on an object: only his own records, or also the records of a peer or a subordinate. By definition, roles determine the level of access that a user has to your Salesforce org's data, and roles affect key components such as records and reports.

    So what does the role hierarchy do? It extends access to records beyond what the organization-wide default has set. That is, if the organization-wide default is anything more restrictive than public read/write, the role hierarchy extends access to these records based on whether a role is higher in the hierarchy than other roles.

    As in the above image, there is an organization with multiple roles and levels.

    To understand more, let's visualize this using an example.

    Take the example of a school, with a hierarchy as below:

    These are all staff members, so every user here is a staff member of the school. At the top there is an owner. Everything in yellow is a 'role' and everything in red is a 'profile'. So the owner has a role called owner and also a profile called owner. One step down there are Mr. Principal and Mr. Trustee. According to the role hierarchy they are on the same level, which means that Mr. Principal will not be able to see any data of Mr. Trustee, but Mr. Principal will be able to see all the data of Mr. Professor, who is one level below Mr. Principal. This is defined by the roles. Similarly, the data of Mr. Intern and Mr. Lab assistant will be visible to Mr. Professor because of their roles. As you can see, Mr. Principal and Mr. Professor have the same profile, which means that both will be able to do the same things on an object: the permissions they have on an object (read, write, create or edit) would be similar. Mr. Professor and Mr. Intern have different profiles, faculty and fresher, so the permissions a fresher has on his profile will not be the same as Mr. Professor's. A professor may have read, write and edit, while Mr. Intern only has read access. This is how profiles and roles play out in an organization.
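    The layered check described above (profile object permissions first, then organization-wide default, then role hierarchy), worked through for the school example. This is an added illustration, not Salesforce code: the OWD values and the owner and management permissions are assumptions, and permission sets, sharing rules and manual sharing are left out.

```python
# Simplified model of the school example. Constructed sample data; values
# marked "assumed" are not stated on the page.

# Object level: profile -> object -> permitted actions.
PROFILE_PERMS = {
    "faculty":    {"Student": {"read", "create", "edit", "delete"}, "Fees": set()},
    "fresher":    {"Student": {"read"}},
    "management": {"Student": {"read"}, "Fees": {"read", "edit"}},          # assumed
    "owner":      {"Student": {"read", "edit"}, "Fees": {"read", "edit"}},  # assumed
}
# Record-level baseline: organization-wide default per object (assumed).
OWD = {"Student": "Private", "Fees": "Public Read Only"}
# Role hierarchy as child role -> parent role.
ROLE_PARENT = {"Principal": "Owner", "Trustee": "Owner",
               "Professor": "Principal", "Intern": "Professor"}
# User -> (role, profile). Trustee's profile is assumed.
USERS = {
    "Owner": ("Owner", "owner"),
    "Principal": ("Principal", "faculty"),
    "Trustee": ("Trustee", "management"),
    "Professor": ("Professor", "faculty"),
    "Intern": ("Intern", "fresher"),
}

def is_above(role, other):
    """True if `role` is a strict ancestor of `other` in the role hierarchy."""
    parent = ROLE_PARENT.get(other)
    while parent is not None:
        if parent == role:
            return True
        parent = ROLE_PARENT.get(parent)
    return False

def can_access(user, action, obj, record_owner):
    """Return (allowed, deciding layer) for a 'read' or 'edit' on one record."""
    role, profile = USERS[user]
    # 1. Object level: without the profile permission nothing else matters.
    if action not in PROFILE_PERMS[profile].get(obj, set()):
        return False, "profile lacks object permission"
    # 2. Record level: the OWD baseline, then ownership, then role hierarchy.
    owd = OWD[obj]
    if owd == "Public Read/Write" or (owd == "Public Read Only" and action == "read"):
        return True, "organization-wide default"
    if user == record_owner:
        return True, "record owner"
    if is_above(role, USERS[record_owner][0]):
        return True, "role hierarchy"
    return False, "record not shared"

if __name__ == "__main__":
    print(can_access("Principal", "read", "Student", "Professor"))
    print(can_access("Principal", "read", "Student", "Trustee"))
```

    The second call is denied even though the faculty profile can read Student records: Principal and Trustee are peers, so the role hierarchy grants nothing beyond the private default.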
