
User Management And Object Level Security In Salesforce


Internal Security in Salesforce

About 59% of security threats are internal threats, which involve employees, third parties and ex-employees. They fall victim to phishing schemes by opening malicious emails and by accessing systems from untrusted sources and less secure environments. Giving lower-level users unnecessary access to resources also leads to internal security issues. In Salesforce, we can restrict each user's access at the object level as well as at the field level.

User Management

Salesforce identifies each user login with a unique username and password, together with a profile that grants the access needed to perform the tasks assigned to that user on the data.

As an administrator, one can manage the users throughout the company by creating profiles and assigning users to those profiles. User management deals with work related to permissions and licenses.

Depending on the license and edition of Salesforce, we can customize the application built on it. Object-level security is subdivided into three types, and they are detailed below.

  • OWD - Organisation Wide Default.
  • Profile.
  • Permission Set.

What is OWD?

OWD stands for “Organisation Wide Default”, which is a part of object-level security. It ensures that object-level security is specific to the user and creates a barrier between users in accessing each other's records or the data they create. OWD has 3 settings, described below.

  • Public Read/Write: Anyone, not just the owner, can view and change anything in the record, but still cannot delete it. This is the least restrictive setting.
  • Public Read Only: Apart from the owner, other people can only view the records; they cannot edit or delete them.
  • Private: No one apart from the owner can edit or view the record. This is the most restrictive setting.

Note: How to log in as another user without asking for their username and password:

Setup >> Security Controls >> Login Policies >> Administrator can login as Any User (check the box) >> Save.

How to access OWD default?

Steps to perform:

Login to Salesforce Org >> Setup >> Administer >> Security Controls >> Sharing Settings 


Select the desired Object >> You can view the default value as shown in the below figure.


Explanation of OWD with different scenarios with an example:

Let us proceed with user-level access to the OWD, and it can be explained in three scenarios.

They are:

  • Public Read/Write.
  • Public Read Only.
  • Private.


Scenario 1: Public Read/Write: Let us create a record in “ App” and save the record.

Now, log in as another user; you will see Edit/Delete access on the record created.

Scenario 2: Public Read Only: Let us create a record in “ App” and save the record.

Now, log in as another user; you will see Read Only access on the record created.

Scenario 3: Private: Let us create a record in “ App” and save the record.

Now, log in as another user; you will see No Access on the record created.

Note: The issue with OWD is that it does not help with selective sharing.

What is Profile?

A profile is part of object-level security and gives access to the users who are assigned to it. For example, once a Finance Profile is created, it applies to all the users in that department and determines which records they can access. A few features of profiles are mentioned below:

  • Department wise sharing is possible.
  • Never Use Standard Profile.

Object Level Access:

    • CRED | VA | MA
    • CRED - Create, Read, Edit, Delete.
    • VA - View all.
    • MA - Modify all.

How To Create A Profile?

Login into Salesforce Org >> Setup >> Administer >> Manage Users >> Profiles >> New Profile.

A profile cannot be created from scratch, so we need to clone it from an already existing one. Which profiles can be copied or cloned depends on the profile license matching the user license.


After selecting the desired user license, fill in the remaining details and Save.


Edit the profile created (e.g. Finance Profile) and scroll down to Custom Object Permissions.

These permissions are very important: they determine what a user assigned to the profile can do in the Salesforce Org.

The check-box selection for each object determines which activities the profile user can perform on their own records (records added by that user) in the Salesforce work area.

  • Read: This allows the profile user to read the object.
  • Create: This allows the profile user to create the object.
  • Edit: This allows the profile user to edit the object.
  • Delete: This allows the profile user to delete the object.

Note: The remaining two options are very powerful, as they give access to all records of the object created by any user in the Organisation.

View All: It allows the profile user to access all the records, even those they have not created.

Modify All: It allows the profile user to access and modify all the records, even those they have not created.

With the above profile, users can access the objects they are permitted to. There is another special permission, which provides access to all the objects.

Administrative Permission >> View All Data.
Administrative Permission >> Modify All Data.

If we select the above options, users with that profile can view and edit every object created in the Organisation.

What is a Permission Set?

A permission set is also a part of object-level security. It gives a particular user special rights to perform actions, and the user has no restrictions if “None” is selected in the License list. These types of permission sets are given to high-level users or users with special permissions, as they should not have any obstructions in their workflow.

The scenario in a real-time project:

In real-time project work, the permissions below are given based on the criteria of the user. They are set at the organisation level (OWD), at the profile level and in the permission set.

  • OWD = Private.
  • Profile = CRED=Yes | VA + MA = No.
  • Permission Set = Special rights to limited people. 
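
How the three layers in this scenario combine for a single record can be checked with a small model. The Python below is an added example, not Salesforce or Mindmajix code; the class and function names are hypothetical, and the model ignores role hierarchy, sharing rules, manual shares and field-level security.

```python
from dataclasses import dataclass, field, astuple

# Simplified, hypothetical model: ignores role hierarchy, sharing rules,
# manual shares and field-level security.
@dataclass(frozen=True)
class ObjPerms:                      # one object's row on a profile / permission set
    create: bool = False
    read: bool = False
    edit: bool = False
    delete: bool = False
    view_all: bool = False           # VA
    modify_all: bool = False         # MA

    def union(self, other):
        # Permission sets only add rights on top of the profile.
        return ObjPerms(*(a or b for a, b in zip(astuple(self), astuple(other))))

@dataclass
class User:
    name: str
    profile: ObjPerms                                      # exactly one profile
    permission_sets: list = field(default_factory=list)    # zero or more
    view_all_data: bool = False                            # administrative permissions
    modify_all_data: bool = False

    def effective(self):
        perms = self.profile
        for ps in self.permission_sets:
            perms = perms.union(ps)
        return perms

def record_access(user, owd, is_owner):
    """Actions the user may take on one record under the given OWD."""
    p = user.effective()
    if user.modify_all_data or p.modify_all:
        return {"read", "edit", "delete"}          # bypasses OWD entirely
    # Sharing layer: what ownership or the OWD opens up for this record.
    if is_owner:
        shared = {"read", "edit", "delete"}
    else:
        shared = {"Public Read/Write": {"read", "edit"},
                  "Public Read Only": {"read"},
                  "Private": set()}[owd]
    # Object layer: CRED on profile + permission sets caps the sharing layer.
    allowed = {a for a in ("read", "edit", "delete") if getattr(p, a)}
    granted = shared & allowed
    if user.view_all_data or p.view_all:
        granted.add("read")                        # VA reads records regardless of OWD
    return granted

if __name__ == "__main__":
    finance = ObjPerms(create=True, read=True, edit=True, delete=True)  # constructed
    users = [User("alice", finance), User("bob", finance, [ObjPerms(view_all=True)])]
    for u in users:
        print(u.name, sorted(record_access(u, "Private", is_owner=False)))
```

With OWD = Private and a CRED-only profile, a non-owner gets no access; adding a permission set with View All is what opens read access to other users' records.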

How to create a Permission Set?

Login into Salesforce Org >> Setup >> Administer >> Manage Users >> Permission Sets >> New.

Fill in the details. Regarding the License: if we select “None”, the permission set applies to the entire company. If we select a specific license, it applies only to users with that particular license.

Benefits of permission sets over profiles: Below are a few comparisons between permission sets and profiles.

We can have only 1 profile per user.

Case: So, if a person needs access across various departments of the Org, e.g. Sales profile, HR profile, Marketing profile, he cannot do that!

Case: Whereas, a person can have more than 1 permission set.

Case: In a profile, we can add only a person having the same matching license.

Case: In a permission set, we can add any person with any license, by using the “None” option in the License picklist.

In the next topic, we will discuss “Record Level Security In Salesforce” in detail. Keep following us for more info on Salesforce Administration.

About The Author

Arogyalokesh is a Technical Content Writer and manages content creation on various IT platforms at Mindmajix. He is dedicated to creating useful and engaging content on Salesforce, Blockchain, Docker, SQL Server, Tangle, Jira, and a few other technologies. Get in touch with him on LinkedIn and Twitter.