Free Salesforce Admin Tutorial >

Chapter 7 - Data Security >

Object Level Security in Salesforce

Object Level Security in Salesforce

What You’ll Learn

S2 Labs

As Salesforce contains vast amounts of client data, security concerns in Salesforce are real. To prevent any threats, it provides you with various security settings. It allows you to control access at different levels. One such level is the Object Level Security in Salesforce.

The necessary security measures are made robust with the help of these settings. So, let’s understand what Object Level Security is and how you can implement it in your Salesforce org.

What is Object Level Security in Salesforce?

Providing you with the simplest way to control data access, Salesforce Object Level Security is the go-to feature for you. It prevents a user or group of users from creating, viewing, editing, or deleting any records of an object by setting permissions on that object.

Object permissions either respect or override sharing rules and settings. The following permissions specify the access that users have to objects.

PermissionDescriptionRespects or Overrides Sharing?
ReadUsers can only view records of this type.Respects sharing
CreateUsers can read and create records.Respects sharing
EditUsers can read and update records.Respects sharing
DeleteUsers can read, edit, and delete records.Respects sharing
View AllUsers can view all records associated with this object, regardless of sharing settings.Overrides sharing
Modify AllUsers can read, edit, delete, transfer, and approve all records associated with this object, regardless of sharing settings.”Modify All” on documents allows access to all shared and public folders but not the ability to edit folder properties or create folders. Users must have the “Manage Public Documents” Permission to edit folder properties and create folders. Overrides sharingOverrides sharing

How Does Object Level Security Work in Salesforce?

There are two primary ways of setting object permissions:

1. Profiles

Every user in Salesforce is assigned a profile. It defines a user’s role in the organization and controls what the user can do with the records they can access. It determines the objects a user can access and the permissions a user has on any object record.

2. Permission Sets

It provides users with additional permissions and access settings. In Permission Sets, we can only give different permissions to users. Still, we can’t restrict the permissions already granted to users at their profile level, and they can only be assigned to users, not to profiles.

Salesforce Admin Training

What are Profiles In Salesforce

A profile is a collection of settings and permissions that determine which data and features users can access on the platform. It is like a template; it means whenever we want to create a new profile, we have to choose a profile that Salesforce already gives, and then we can customize it according to our requirements.

To avoid setting all the permissions and settings from scratch, you must choose an existing profile while creating a new profile. Settings in the profile determine what users can see, for example, apps, tabs, fields, and record types. Whereas Permission determines what users can do, for example, create or edit records of a particular kind, run reports, and customize the app. 

Here is what the Profiles can control.

  • Object Permission
  • Field Permission
  • User Permission
  • Tab Settings
  • App Settings
  • Apex class access
  • Visualforce page access
  • Page Layouts
  • Record Types
  • Login Hours
  • Login IP Ranges

A user’s job function typically defines profiles. Still, anything that makes sense in an organization can be created as a profile. There is a set of standard profiles in Salesforce.

Each standard profile includes a default set of permissions for all standard objects available on the platform. Here is what each type of profile entails in Salesforce.

  1. Standard User: The standard User profile in Salesforce has Read, Edit, and Delete permissions to most standard objects
  2. Read Only: The read-only users had permissions that were precisely similar to the standard user but had limited access to read-only.
  3. Marketing User: Permissions of Standard User + Additional Permissions.
  4. Contract Manager: Permissions of Standard User + Additional Permissions.
  5. Solution Manager: Permissions of Standard User + Additional Permissions.
  6. System Administrator: The System Administrator profile has the most comprehensive access to data and the greatest ability to configure and customize Salesforce. The System Administrator profile also includes two special permissions: “View All Data” and “Modify All Data.”

Key Points to Note

  1. Object permissions on the Standard profile cannot be edited. To overcome this, making a new profile by copying/cloning standard profiles and then customizing the copies to fit the organization’s needs is good. The profile functionality in an organization depends on the user license type.
  2. Every profile should have at least one visible app.
  3. If an app is visible, its tab will only appear if a profile has Permission to view the associated objects.
  4. A profile can be assigned to many users, but the user can be set to only one profile at a time.
  5. When a custom object is created, most profiles, except those with modify all data permission, do not give access to that custom object.

Download Study Material

Get access to exclusive study material for Salesforce Certification and ace your exams!

Download Now

Our Salesforce Certification Courses

Hey there! Glad you made it through our Salesforce Developer Training for beginners . But wait! We've got some high-in-demand Salesforce courses for you to take your Salesforce skills to the next level, making you a desired professional in the Salesforce job market.

Post a Comment

Your email address will not be published. Required fields are marked *