Scribd
Upload
6 views11 pages

Data Security

Uploaded by

Kumar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
6 views11 pages

Data Security

Uploaded by

Kumar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 11

Data Security in Salesforce

Salesforce data security is approached at four levels: Organization


level, Object level, Record level and Field level.
Organization level Security
This is to make sure that only the authorized users of the organization can access the system by specifying
login IP ranges and login hours.

● It also includes physical security where only authorized individuals are allowed entry to the office
building.
● Make sure proper protocols are followed while adding the users for the organization as well as during
removal (Freeze, deactivate etc).
● Enabling MFA for the entire org to protect identity theft.
● Add the list of authorized users, set trusted IP ranges, login IP ranges and login hours.

All this is done to make sure the right users get into the system. Next comes the responsibility of making sure
that the right user has the right level of access to the data as per his job requirement.
Object level Security
This is achieved using Profiles and Permission sets.

Using Profiles:

● Group the users into as few profiles as possible based on their function that dictates the
access to objects, page layouts, record types, field visibility, apps and tabs.
● CRED - Create, read, edit and delete specify the level of the access the user has. When
View all and Modify all are assigned, then it gives permission to view and modify all the data
related to the object.(even if he/she is not the owner).

Using Permission Sets:

● Identify the users across various profiles who need similar permissions.
● Create permission sets and if more than one permission set is assigned to multiple users,
then create permission set groups. Mute a permission set in the group, if there is an
exception for one or more users.
● Create a session based permission set in case the permission has to be assigned for a
limited period of time to the user and then revoked automatically.
Record Level Security
Next comes record level access which is controlled using OWD, Role hierarchy, Sharing Rules, Manual Sharing.

Usually this is represented using an Inverted triangle to depict that it starts with minimal level of access and then the
visibility opens up as it goes up each level.

At each level the visibility/access is extended but not restricted.


Record Level Security:OWD

In order to specify OWD, go to Security>> Sharing settings option.

There are 4 options for OWD:

● Controlled by Parent
● Private
● Public read only
● Public read write

This is specified for both default internal access and default external access. Note that default
external access must be more restrictive or equal to the default internal access. In case if access
based on hierarchy is not needed, then you can leave the Grant access using hierarchies
checkbox blank. But it is by default enabled for standard objects and cannot be changed.
Record Level Security:Role Hierarchy
To achieve role level hierarchy, first create roles based on the access level.

For example, say a user A is supposed to have full access to records of both User B and User C.

Create roles keeping this requirement in mind so that roles of User B and User C are created under Role of User A. This
would automatically grant User A full access to records of User B and User C.

User A

User B User C
Record Level Security: Sharing Rules

Sharing Rules:

Sharing Rules come into picture when we want to grant access to a record/records to users/set of users who don’t have
access otherwise.

There are 2 types of sharings rules:

● Owner-based sharing rule (Based on who owns the record)


● Criteria-based sharing rule (Based on field values in the record)

They can be shared with a group of users and the level of access that can be granted is either ‘Read Only’ or
‘Read/Write’.

Keep in mind if you want to edit the sharing rule later, only the access level can be changed in case of Role based
sharing. Whereas in case of criteria based sharing, both the criteria and the access level can be changed later.
Record Level Security: Manual Sharing

In some rare cases, some users might need access to some records which is not usually required.

In this case, manual sharing is used by record owners to give read only or read/write permission to these users to
accomplish the task.

Manual sharing is possible only when OWD is set to Private


Field Level Security

Sometimes even though you want to give full access to the objects and the records, there are some
fields that holds special information that you want to hide or prevent from editing.

Example: SSN, Salary etc.

This can be achieved using field level security.

Field level security can be implemented at profile level or by using permission sets.
Thank you for your time!

Roopa Ramachandran.

You might also like