Security and Permissions
Overview
Salesforce provides robust security and permission controls to protect sensitive business data while ensuring users have access to what they need. This article outlines the key components of Salesforce's security model and how permissions are managed across the platform.
Layers of Security in Salesforce
Salesforce security is built on multiple layers:
Layer | Purpose |
---|---|
Organization-Level | Controls overall access to Salesforce (login hours, IP ranges). |
Object-Level | Manages access to specific objects like Accounts, Contacts, etc. |
Field-Level | Controls visibility/edit rights to individual fields. |
Record-Level | Defines who can see or edit specific records within an object. |
Organization-Level Security
1. Login Access
- IP Restrictions: Block/allow logins by IP address range.
- Login Hours: Set time windows for when users can log in.
2. Two-Factor Authentication (2FA)
- Required for certain users, especially admins or external access.
- Managed via Permission Sets and Session Settings.
Object-Level Security
1. Profiles
- Control object-level access (Read, Create, Edit, Delete).
- Assign one profile per user.
- Profiles also manage login IPs, hours, and app access.
2. Permission Sets
- Grant additional permissions beyond the profile.
- Reusable and flexible: assign multiple to a user.
- Ideal for managing exceptions without cloning profiles.
Field-Level Security
- Configure through Profiles or Permission Sets.
- Control visibility and editability of individual fields on an object.
- Hidden fields remain inaccessible via API, UI, and reports.
Record-Level Security
1. Organization-Wide Defaults (OWD)
- Set the baseline access for each object (Private, Read-Only, Read/Write).
2. Role Hierarchies
- Users in higher roles inherit access to records owned by users below them.
- Not a security feature for restriction; it's for data visibility expansion.
3. Sharing Rules
- Grant record access to users based on criteria (public groups, roles).
- Can be based on record owner or field values.
4. Manual Sharing
- Users can share individual records if they have the rights to do so.
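How the layers above combine for one user and one record, as an added example that is not Salesforce code or part of the original article. It is a simplified model: the `User` class, the function names, the Read/Edit levels, the sample org, and the assumption that ownership and role-hierarchy access both count as Edit are all illustrative.

```python
from dataclasses import dataclass, field

# Simplified, illustrative model of the layers; not a Salesforce API.
RANK = {"None": 0, "Read": 1, "Edit": 2}
OWD_TO_LEVEL = {"Private": "None", "Read-Only": "Read", "Read/Write": "Edit"}

@dataclass
class User:
    name: str
    role: str
    profile: set                                         # {(object, "Read"|"Edit")}
    permission_sets: list = field(default_factory=list)  # list of sets, same shape
    visible_fields: set = field(default_factory=set)     # {(object, field)}

    def object_perms(self):
        # Permission sets only add to the profile; they never subtract.
        return self.profile.union(*self.permission_sets)

def is_above(role_parent, upper, lower):
    """True if role `upper` is an ancestor of role `lower`."""
    cur = role_parent.get(lower)
    while cur is not None and cur != upper:
        cur = role_parent.get(cur)
    return cur == upper

def record_level(user, rec, owd, role_parent, shares):
    """Start from the OWD baseline, then let each mechanism widen access."""
    levels = [OWD_TO_LEVEL[owd[rec["object"]]]]
    if rec["owner"] == user.name or is_above(role_parent, user.role, rec["owner_role"]):
        levels.append("Edit")  # assumption: owner and roles above get Edit
    levels += [lvl for rid, grantee, lvl in shares
               if rid == rec["id"] and grantee in (user.name, user.role)]
    return max(levels, key=RANK.get)

def effective_access(user, rec, owd, role_parent, shares):
    """Object-level permission caps whatever record-level sharing grants."""
    obj_level = max((lvl for obj, lvl in user.object_perms() if obj == rec["object"]),
                    key=RANK.get, default="None")
    rec_level = record_level(user, rec, owd, role_parent, shares)
    return min(obj_level, rec_level, key=RANK.get)

def can_read_field(user, rec, fld, owd, role_parent, shares):
    return (effective_access(user, rec, owd, role_parent, shares) != "None"
            and (rec["object"], fld) in user.visible_fields)

# Constructed sample org (not from the article).
ROLES = {"Rep": "Manager", "Manager": "VP", "VP": None}
OWD = {"Account": "Private"}
REC = {"id": "a1", "object": "Account", "owner": "rita", "owner_role": "Rep"}
SHARES = [("a1", "sam", "Read")]  # a resolved sharing-rule or manual-share entry
```

In this model a manager with only Read on the object stays at Read even though the hierarchy exposes the record, and a user with no object permission gets nothing regardless of role or shares.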
Tools for Security Management
Tool | Use Case |
---|---|
Profile and Permission Set UI | Assign and review permissions for users. |
Field Accessibility Viewer | Check field-level visibility across profiles. |
Sharing Settings Page | Configure OWDs and sharing rules. |
Security Health Check | Analyze and improve org security posture. |
Setup Audit Trail | Track configuration changes. |
Best Practices
- Least Privilege Access: Always start with minimal access and add more only when needed.
- Use Permission Sets: For flexibility and easier permission management.
- Review Regularly: Audit user access and deactivate unused accounts.
- Enable 2FA: Especially for sensitive data and integrations.
- Test with Login-As: Verify user access by logging in as the user (Admins only).
Summary
Salesforce's layered security model offers precise control over who sees what, from login settings down to individual records and fields. Using Profiles, Permission Sets, and Sharing Settings effectively ensures your users have the access they need, and nothing more.