Did You Know?

Success starts with a strong foundation

Facebook Linkedin Youtube

Salesforce Sharing, Visibility and Security Management

Estimated reading: 7 minutes 213 views

Security Model

  1. Permissions for Users and Objects
  2. Permissions for Fields
  3. Permission Sets & Pater Profiles
  4. Wide-ranging Defaults (OWD)
  5. Implicit Sharing in Role Hierarchy
  6. Other Sharing Mechanisms
  7. Access to the Record (without all fields)
  8. Protecting Personal Information

After this module, what are your options?

  1. After this module, what are your options?
  2. Provide record-level access through declarative sharing;
  3. Make advantage of sophisticated and programmatic record-level access.
  4. Manage sensitive and secret information in Salesforce.
  5. Restrict access to a subset of an object's fields.

Levels of Record Access

  • Read-Only privileges:

• View 

  • Read/Write privileges:

• View 

• Edit

  • Full Access privileges:

• View

• Edit

• Transfer ownership 

• Delete

• Share

Salesforce Sharing, Visibility and Security Management

Organization-Wide Defaults (OWD)

Data Access Model

When figuring out what types of records certain user groups require access to, a data access model is a helpful place to start. It provides a high-level explanation of your data access requirements. Three categories exist: 

Access to the records is unrestricted. Any record that their profile permissions permit can be viewed and edited by users. This is Salesforce’s default model. 

Users cannot view other users’ records in reports or search results; they can only view the records they own. 

Both private and public access are combined here. Users can only view their own records and those of other users that are required for them to perform their duties. 

Why Would You Use a Private or Hybrid Model?

Security

Only the records that users should see are displayed. Use it if you have sensitive or private information.

Visibility

Only the records that users require are visible to them. List views, searches, and reports, for instance, only display pertinent records.

Determine How to Set OWD for an Object

  1. Who is this object’s most restricted user? 
  2. Will this user ever be able to view an instance of this object that they shouldn’t? 
  3. Will there ever be a situation when this user shouldn’t be able to update this object?

Object Model – OWD & Ownership

Object Model – Relationship Type

Record Ownership 

The majority of records have an owner. 

  • An exception is when parent records grant access permissions to child records in a master-detail connection.

Owner Types: 

  • Queues for Users

Owners of the records have complete access. 

Profiles

Profiles specify:

  • how users can interact with the application
  • how they can access objects and data
  • Each user must have a profile when they are created.

Profile types:

  • Salesforce provides standard profiles by default
  • Which are unchangeable
  • Have default permissions for the entire platform.
  • Users have defined custom profiles. Standard items that are accessible on
  • Can be removed if no users are assigned to it.

Profiles – What do they Control?

  • Object permissions
  • Field permissions
  • User permissions
  • Tab settings
  • App settings
  • Apex settings
  • Visualforce page access
  • Page layouts
  • Record Types
  • Login hours
  • Login IP ranges

Permission Sets

A group of configurations and authorizations that grant users access to a range of tools and features. Profiles contain the same settings and rights as permission sets, but permission sets give users more functional access without altering their profiles. 

CRED Settings

Extended Profile Access with Permission Sets

Definition: Users are granted more access options and rights through permission sets, which also offer flexibility in minimizing the need for new profiles. 

Overriding Record Access: System Permissions

All records are accessible with the “View All Data” and “Modify All Data” system permissions, irrespective of sharing. 

Overriding Record Access: Object Permissions

Regardless of sharing, the “View All” and “Modify All” rights grant access to every record for a specific object. 

Field-Level Security

Regulates which fields are viewable and editable by a profile or permission set. 

Overrides any search and page layouts’ less restricted field access settings. is always followed, regardless of how a user accesses Salesforce, including: 

  • The arrangement of the page 
  • A list of related items 
  • Report: ΑΡI 

Controlled by Parent Implications

When Controlled by Parent is selected as the organization-wide default for an object, all record access is dictated by the user’s access to the parent record. 

It is possible to set Contacts, Activities, and Orders to Parent Control. 

The parent automatically controls all custom detail objects. 

What is a Role Hierarchy?

Role hierarchy in a private or hybrid model allows you to grant managers, team leaders, and operations personnel access to records that they might not have previously had because of the structure.broad defaults 

Open Record Access Vertically with Role Hierarchy

Records can be accessed by moving up the role hierarchy with ordinary objects. You can decide if access to custom objects moves up the role hierarchy. 

Share Records Systematically with Sharing Rules

Sharing rules are:  

  • Exceptions to org-wide defaults.
  • Irrelevant for public data access models.

Sharing Rules

To give groups of users object-by-object additional record access, create sharing rules. Rules for sharing are: 

  • Exceptions to defaults for the entire organization.
  • Not relevant to models of public data access.
  • Consisting of three parts.

Public Groups 

Public groups are used in: Sharing rules 

  • Apex Sharing 
  • Manual sharing
  • Folder sharing 
  • CRM Content
  • Knowledge

 Grant Access Using Hierarchies can be disabled for a public group. 

Manual Sharing Allows for Flexibility

Sometimes identifying a consistent user base or set of standards for exchanging records might be challenging. 

Individual users, roles, and public groups can be granted read and modify permissions on specific records by record owners through manual sharing. 

Use the Lightning Components found on AppExchange to enable manual sharing in Lightning Experience. 

Comparison of Sharing Options

A programmatic sharing solution called Apex Sharing enables extra features that declarative solutions cannot provide. 

Organization-Wide Defaults vs. Role Hierarchy vs. Sharing

Org-Wide Defaults – Object Level

Implicit Sharing ​

Alternative Sharing Options

Account Teams

Give users more access to their accounts and associated documents by enabling account teams. Administrators, account owners, and their managers in the role hierarchy: 

  • Assign team roles and manually add or remove team members.  
  • Give every team member read-only or read-and-write access to the account and all of its contacts, opportunities, and cases. 
  • Make a default team for yourself that can be added immediately.

Opportunity Teams

Give users the ability to provide others more access to their opportunities by enabling opportunity teams. Administrators, opportunity owners, and their managers in the position hierarchy can: 

  • Assign team roles and manually add and delete team members from an opportunity’s sales team.
  • Provide read-only or read-and-write access to the chance for every participant.
  • Make a preset sales team for yourself that may be added immediately. 

Securing Private Data with Sheild

Platform Security 

  • Encrypts your most sensitive data at rest natively across all Salesforce apps.
  • Assists in safeguarding proprietary, sensitive, private, or PII data.
  • Observe internal and external data compliance regulations. 

Trail of Field Audits 

Observation of Events 

Sharing Concepts in Communities

Communities & Sharing 

Functional Access for External Users 

Access to External User Data 

After this module, what are your options?

Recognize the sharing options available to members of the Customer Community

 Recognize the sharing protocols for members of the Partner Community

Determine whether programmatic sharing should be used for 

users in the community 

External Users Functional Access

Partner

Recognize the limitations of your license. 

  • Companion
  • Dashboards for Market Development Funds, Quotes, Leads, Opportunities, and Campaigns (Create)

Customer Plus

  • Send emails, assign admins, and share roles and advice.
  • Customer & Reports

Customers

  • Tasks (Read), Events (Read), and Accounts (Read)
  • Workflow (only submit)
  • Sharing Groups and Sharing sets

External Users Data Access

  • Salesforce user's account with role In the role structure, it generates up to three subroles
  • Super user
  • Make use of common sharing methods.
  • External Organization Wide Default (equivalent to or more restricted than internal)
  • Owner and Criteria Sharing Rules
  • Sharing of Territory Management Manuals
  • Sharing Apex
  • Many Apex Sharing use cases are handled by Account Relationship (Spring 19).
  • Accounts' business relationship
  • The distributor must view client records. Rule for Sharing Account Relationship Data
  • Account Relationship Related List

Related articles

Leave a Comment

Share this Doc

Salesforce Sharing, Visibility and Security Management

Or copy link

CONTENTS

Powered By Help Applicationhouse