- Org Level Security
- Object Level Security
- Field Level Security
- Record Level Security
Security Meaning In Salesforce:
- Salesforce is a cloud technology and multiple users use it simultaneously so security is needed to protect data from different level of users and outside users.
- Salesforce is built to protect data & apps.
- It provides an infrastructure to implement data security.
- Preventing unauthorized and unauthenticated access.
ORG LEVEL SECURITY
- Who can login?
- When can user login?
- Where can user login?
- Org wide trusted IP ranges.
- Profile based IP restrictions
- Authentication & Password Policies
- Setting up business hours
OBJECT LEVEL SECURITY
- Using profiles/permission sets we can set up who all access to a particular object.
- We can define CRUD permissions for object.
- Special Permissions
- View All Data
- Modify All Data
- No permission set or sharing rule will work if one of these permission is set of profile.
FIELD LEVEL SECURITY
- Using profiles/permission sets we can set what access the user has on fields[read/write]
- Permission sets can only add access to profiles, can’t restrict it.
- If a field is not having read/write access on profile, we can’t access that field in apex also.
RECORD LEVEL SECURITY
- Defines access for records to the users
- We can achieve this by:
- Org Wide Defaults
- Role Hierarchy
- Sharing Rules
- Manual Sharing
- Common values are:
- Public Read Only
- Public Read/Write
- Controlled By Parent(In Master Detail)
- Public Read/Write or Transfer(For Lead & Case)
- First we set up roles
- If grant access hierarchy is enabled, it provides access to user with the roles above the current user.
- opens up access vertically.
- Two type are there:
- Bases On Owner
- Based On Criteria
- Records can be shared with roles, roles & subordinates, public groups or individual users.
- Depending upon the OWD, the only options are
- Read Only
- Read/Write in sharing rules
MANUAL SHARING OF RECORD
- Owner can manually share the record to other users.
- Manual sharing option need to be enabled.
- It is required only if the OWD setting for the object is Private or Public Read Only.
Users can add Notes & Attachments only if they have read/write access to the object.
- Order of Execution In Fun Way
- Security In Salesforce
- FLS Is Not Editable But Why?
- Salesforce Communities, Portals, and Sites
- Default Record Type Issue in Lightning
Explained it very well
best one and original words, not copied from any other blog