Free Salesforce Admin Tutorial >

Chapter 7 - Data Security >

Record Level Security in Salesforce

Record Level Security in Salesforce

What You’ll Learn

S2 Labs

Record-level security in Salesforce is a powerful tool for controlling exactly which data individual users can access within the platform. It goes beyond the primary object and field-level permissions by allowing you to grant or restrict access to specific records within an object, ensuring sensitive information stays in the right hands.

Here is why you should use it:

  • Increased data security and compliance.
  • Improved data hygiene and accuracy.
  • Enhanced user experience by showing only relevant data.
  • More granular control over data access.

The implementation of Record Level Security in Salesforce becomes especially important as it enhances data confidentiality and privacy by restricting access to sensitive information. It makes it easier to minimize the risk of data breaches or misuse while improving data integrity by ensuring users only see and modify relevant data for their roles.

What is Salesforce Record Level Security?

Record Level Security in Salesforce determines which individual records in each object can be viewed and edited by users they have access to in their profile.

The permission on a record is always evaluated according to a combination of object, field, and record-level security permission. When object-level permissions versus record-level permissions conflict, the most restrictive settings win.

To implement it, the administrator needs to answer the following questions:

  • Should the users have open access to every record or a subset?
  • If it’s a subset, then what rules should determine whether the user can access them?

Types of Implementing Salesforce Record-Level Security

Salesforce presents four distinct strategies for Record-Level Security enactment. They provide varying degrees of data access designed to match an organization’s specific needs. Let’s delve deeper into each method to understand better how they contribute to your overall data security:

Record Level Security In Salesforce

Organization-Wide Defaults

OWD Sets the baseline access level for all users to all records within an object. Options include Public Read/Write, Public Read Only, or Private. Public Read/Write grants everyone access and edit rights, while Public Read Only allows viewing but not editing. Private restricts access to the owner and those above them in the role hierarchy.

Role Hierarchies

Role hierarchy is a fundamental feature in Salesforce that helps define a user’s level of access to records. It’s based on the organization’s hierarchy structure, where higher-level users can access the records owned by their subordinates. Role hierarchy is beneficial for scenarios where an organizational structure influences data visibility.

Unless your sharing settings are set to “Private,” when you build up role hierarchies, users at a higher hierarchy level always have the same access permissions (as defined by your sharing settings) to data records as those below them. Make sure the Grant Access Using Hierarchy checkbox is checked in order to grant users access to higher levels of the hierarchy.

Setup->Sharing Settings->Edit-> Grant access Using Hierarchies on targeted objects.

Sharing Rules

This method creates exceptions to OWDs and grants access to specific groups or users based on defined criteria. These are useful for situations where specific user groups need access to records outside their usual permissions.

There are two types of sharing rules in Salesforce:

  • Based on record ownership.
  • Based on criteria.
Setup->Sharing Settings->Go to Object Related List->Click New-> Create

Manual Sharing

Manual sharing allows record owners to directly share individual records with specific users or groups, even if they wouldn’t have access otherwise. It provides granular control over access for specific situations or collaborations. However, the user with whom we are sharing the record must be active.

By utilizing these methods, you can create a data access strategy that aligns with your organization’s unique needs and protects your sensitive data.

How to Implement Record Level Security?

Here’s a step-by-step guide on how to implement record-level security:

Set Organization-Wide Defaults

  1. Define the default sharing setting for an object.
  2. Go to Setup > Sharing Settings.
  3. Choose the desired sharing setting (Private, Public Read-Only, Public Read/Write, or Public Full Access) for the object.
  4. These settings establish the baseline for record access.

Role Hierarchy

  1. Leverage the role hierarchy to grant access to records based on an individual’s position within the organization.
  2. Users higher in the hierarchy can access records owned by users below them.
  3. Set up roles in Setup > Users > Roles.

Set Sharing Rules

  1. Create sharing rules to extend access based on record criteria.
  2. Go to Setup > Sharing Settings > Sharing Rules.
  3. Define rules to share records meeting specific criteria with a group of users either based on ownership or criteria.

Manual Sharing

  1. Allow record owners to share individual records with other users manually.
  2. Users can manually share records they own with specific individuals or groups.

Monitor and Audit

Now, you just need to review and audit record access settings regularly. You can utilize Salesforce’s built-in tools and reports to monitor user activity and security settings.


To Keep In Mind

Profiles and Permission Sets are a prerequisite that you must take care of before setting any record level security in Salesforce.

  1. Assign profiles to users based on their job roles.
  2. Profiles control object and field-level permissions.
  3. Use permission sets to extend permissions beyond what is granted by profiles.

By combining these strategies, you can create a robust record-level security model in Salesforce that aligns with your organization’s structure and ensures that users have the appropriate level of access to records.

Download Study Material

Get access to exclusive study material for Salesforce Certification and ace your exams!

Download Now

Our Salesforce Certification Courses

Hey there! Glad you made it through our Salesforce Developer Training for beginners . But wait! We've got some high-in-demand Salesforce courses for you to take your Salesforce skills to the next level, making you a desired professional in the Salesforce job market.

Post a Comment

Your email address will not be published. Required fields are marked *