Data security overview

AJSD
 1.Organization-level security:

Organization-level security in Salesforce is a way to protect your system from unauthorized

access by controlling who can access your organization, when they can access it, and
where they can access it from:

1.∙ Password policies: Set password policies, including how long passwords are valid
and how complex they must be.

2∙ Login restrictions: Limit when and where users can log in, such as by restricting
logins to specific hours or IP addresses.

3∙ Authorized users: Keep a list of authorized users for your organization.

2.Object-Level Security

1. Object Permissions

Object permissions define what actions users can perform on records of a specific

object type. These permissions are essential for controlling access to Salesforce data

and include.

O Read: Users can view records but cannot make changes.

o Create: Users can create new records.

o Edit: Users can modify existing records.

o Delete: Users can remove records from the system.

o View All: Users can view all records of that object type, regardless of ownership
or sharing settings.
o Modify All: Users can view and edit all records of that object type, regardless of
ownership or sharing settings.

AJSD
 2. Profiles and Permission Sets

o Profiles: Define the baseline level of access to fields for users. Each profile can
have specific settings that control whether a field is visible or read-only.

1. Object Permissions
2. Field permissions
3. Record Types
4. Page layout

o Permission Sets: Allow additional permissions to be granted to users on top of

their profile settings. Permission sets can override profile-level field permissions
to provide more granular control.
1. Additional Permissions
2. Object and Field Permissions

3.Field-Level Security

1. Field Visibility

o Read-Only Access: Users can view the field but cannot modify its value.

o Hidden Fields: Users cannot see the field at all. This ensures that sensitive
information is not exposed to unauthorized users.
2. Access Controls

o Object-Level Access: Determines if a user can access records of a specific

object type. Field-Level Security further refines this by controlling access to
individual fields on those records.

o Page Layouts: While Page Layouts control the visibility and arrangement of
fields on record pages, Field-Level Security determines the access permissions
for those fields. Page Layouts cannot override FLS settings.

AJSD
 4.Record level security

1. Organization-Wide Defaults (OWD)

∙ Definition: OWD settings define the baseline level of access to records for all users
within the organization. They control the default visibility of records and are foundational
for record-level security.
1∙ Access Levels:

o Public Read/Write: All users can view and edit all records.

o Public Read Only: All users can view records, but only the owner or users with
special permissions can edit them.
o Private: Only the owner of the record and users with explicit sharing permissions
can view or edit the record.

AJSD
 2. Role Hierarchy

∙ Definition: Role hierarchy determines the level of access users have to records based
on their role within the organization. Higher roles in the hierarchy can access records
owned by users in lower roles.(or) Users higher in the hierarchy have access to records
owned by users lower in the hierarchy.

3. Sharing Rules

∙ Definition: Sharing rules automatically grant access to records based on certain criteria,
such as record owner, role, or public groups. (or) Define additional access levels for
specific groups of users.
∙ Types:

o Criteria-Based Sharing Rules: Share records based on field values. For

example, share all opportunities with a "High Value" status with a specific
role.
o Owner-Based Sharing Rules: Share records based on record ownership. For
example, share all records owned by users in a specific role with users in another
role.

4. Manual Sharing:
∙

Definition: Allows users to manually share individual records with other users or groups.
This is useful for providing temporary or specific access beyond what is controlled by
OWD is private.(or) Users with appropriate permissions can manually share records
with other users.

5.Apex Sharing:

"Apex sharing" refers to a programmatic way to control record-level access in addition to

the standard and manual sharing methods available in the platform. Apex sharing allows
you to implement custom sharing rules using Apex code to meet specific security or
business requirements.

AJSD
 What is the between role and profile:
Role Profile

Role provides access to record visibility Profile provides access control of

for the user. CRED operations for User..

It is basically a record level access. It is basically an object and field

level access.

It follows a hierarchy .data visible It does not follow any hierarchy.

permissions are given based on hierarchy. permissions are given based on the
profile.

The role is always dependent on the profile. The profile can be independent of the role.

Roles are not mandatory for users Profile is mandatory for users.

Roles control access to records and Profile control access to object,

fields only field-level security, page layouts,
record types and apps

N.Veera Raghavamma Aj Skill

AJSD