- Org Level Security
- Object Level Security
- Field Level Security
- Record Level Security
Security Meaning In Salesforce:
- Salesforce is a cloud technology and multiple users use it simultaneously so security is needed to protect data from different level of users and outside users.
- Salesforce is built to protect data & apps.
- It provides an infrastructure to implement data security.
- Preventing unauthorized and unauthenticated access.
ORG LEVEL SECURITY
- Who can login?
- When can user login?
- Where can user login?
- Org wide trusted IP ranges.
- Profile based IP restrictions
- Authentication & Password Policies
- Setting up business hours
OBJECT LEVEL SECURITY
- Using profiles/permission sets we can set up who all access to a particular object.
- We can define CRUD permissions for object.
- Special Permissions
- View All Data
- Modify All Data
- No permission set or sharing rule will work if one of these permission is set of profile.
FIELD LEVEL SECURITY
- Using profiles/permission sets we can set what access the user has on fields[read/write]
- Permission sets can only add access to profiles, can’t restrict it.
- If a field is not having read/write access on profile, we can’t access that field in apex also.
RECORD LEVEL SECURITY
- Defines access for records to the users
- We can achieve this by:
- Org Wide Defaults
- Role Hierarchy
- Sharing Rules
- Manual Sharing
- Common values are:
- Public Read Only
- Public Read/Write
- Controlled By Parent(In Master Detail)
- Public Read/Write or Transfer(For Lead & Case)
- First we set up roles
- If grant access hierarchy is enabled, it provides access to user with the roles above the current user.
- opens up access vertically.
- Two type are there:
- Bases On Owner
- Based On Criteria
- Records can be shared with roles, roles & subordinates, public groups or individual users.
- Depending upon the OWD, the only options are
- Read Only
- Read/Write in sharing rules
MANUAL SHARING OF RECORD
- Owner can manually share the record to other users.
- Manual sharing option need to be enabled.
- It is required only if the OWD setting for the object is Private or Public Read Only.
Users can add Notes & Attachments only if they have read/write access to the object.
- Salesforce Best Practices Quick Notes For Interview
- Future Method Quick Notes For Interview
- Batch Apex Quick Notes For Interview
- Quick Notes For Interview About SOAP and REST API
- Quick Notes For Interview About VF Vs. Lightning
Thnx Rahul for the motivation
nice blog! keep it up!
Explained it very well
best one and original words, not copied from any other blog