Blog

  • Home
  • Salesforce
  • User Management And Object Level Security In Salesforce

User Management And Object Level Security In Salesforce

  • (4.0)
  • | 663 Ratings

Internal Security in Salesforce

About 59% of security threats are faced due to internal threats which occur with employees, Third parties and Ex-employees. They are becoming a casualty of phishing schemes by opening mischievous mails and accessing the systems in untrusted sources and secureless environments. Providing unnecessary access to the sources of lower level users also leads to internal security issues. In salesforce, we can restrict the access to each and every user at the object, level as well as at the field level.

User Management

Salesforce has a unique feature in identifying user login, i.e., it provides each user with a unique username and password with profile which provides access to execute tasks that are assigned to be performed with data.

As an administrator, one can manage the users throughout the company by creating profile and assign the users to those profiles. User management deals with work related to permissions and licences. 

Depending on the license and edition of salesforce, we can customise the application built on it. The object level security is subdivided into three types, and they are detailed below.

  • OWD - Organisation Wide Default.
  • Profile.
  • Permission Set.
Want To Get SalesForce Training From Experts? Enroll Now For Free Demo On SalesForce Training

What is OWD ?

OWD is defined as “Organisation Wide Default”, which is a part of object level security. It ensures that object level security is specific to user and creates a barrier between the users in accessing their records or data they create. We have 3 features in OWD, and they are mentioned below in detail.

  • Public Read/Write: Apart from owner, anyone can see as well as change ANYTHING in the record data but still can’t delete it, and is the least restricted way.
  • Public Readonly: Apart from owner, other people can ONLY VIEW the records but cannot edit and delete.
  • Private: No one apart from owner can EDIT/VIEW the record. It is the most restricted way.

Note: How to “Login to other user”, without asking for the username and password?

Setup >> Security Controls >> login policies >> administrator can login as Any User - Check the box >> Save.

How to access OWD default?

Steps to perform:

Login to Salesforce Org >> Setup >> Administer >> Security Controls >> Sharing Settings 

OWD default in salesforce

Select the desired Object >> You can view the default value as shown in the below figure.

OWD default in salesforce

Explanation of OWD with different scenarios with an example:

Let us proceed with an user level access to the OWD, and it can be explained in three scenarios.

They are:

  • Public Read/Write.
  • Public readonly.
  • Private.

Checkout SalesForce Tutorial

Scenario 1: Public Read/write: let us create a record in “Naurkri.com App”, and save the record.

Public Read/WriteNow, you can log into other user name and can look at Edit/Delete of the record created.

Scenario 2: Public Readonly: let us create a record in “Naurkri.com App”, and save the record.

Public-readonly-gif in salesforceNow, you can log into other user name and can look at Readonly of the record created.

Scenario 3: Private: let us create a record in “Naurkri.com App”, and save the record.

private-gif in salesforce

Now, you can log into other user name and can look at No Access of the record created.

Note: Issue with OWD is it does not help us for Selective Sharing.

Checkout Salesforce Interview Questions

What is Profile?

Profile is part of Object Level Security which gives access to the users who are assigned to particular profiles. Eg: Naukri.com Finance Profile, the profile created. The profile applies for all the users in the Department, which leads to accessing of the records. Below mentioned are few features of profile:

  • Department wise sharing is possible.
  • Never Use Standard Profile.
  • Object Level Access : CRED | VA | MA
    • CRED - Create, Read, Edit, Delete.
    • VA - View all.
    • MA - Modify all.

How To Create A Profile?

Login into Salesforce Org >> Setup >> Administer >> Manage Users >> Profiles >> New Profile.

salesforce

Before creating a profile, we cannot create a profile from scratch. So, we need to clone a profile with already existing one, and only specific profiles can be copied or cloned unless the profile license is matched with the user license.

User Management And Object Level Security In Salesforce

After selecting the desired user license, fill in the remaining details and Save.

User Management in salesforce

Edit the profile created (eg: Naukri.com Finance Profile) and scroll down for Custom Object Permission.

These are very important for a user assigned to the above profile created to work in the assigned Salesforce Org.

Object Level Security In Salesforce

Based on the check-box selection for individual objects, it will lead the profile user to perform activities for their own records (individual added records by user) in the salesforce work-area. 

  • Read: This allows the profile user to read the object.
  • Create: This allows the profile user to create the object.
  • Edit: This allows the profile user to edit the object.
  • Delete: This allows the profile user to delete the object.

Note: The remaining two options are very powerful which give access to the entire Object created by any user in the Organisation.

View All: It allows the profile user to access all the records, although they have not created.

Modify All: It allows the profile user to access and modify the records, although they have not created.

Now, according to the above profile, the users can access what they are permitted to objects. There is another special permission, which provides access to all the objects.

Administrative Permission >> View All Data.
Administrative Permission >> Modify All Data.

If we select the above option, the particular user profile has every object access created in the Organisation for View and Edit.

What is a Permission Set?

Permission Set is also a part of Object Level Security which gives special rights to the particular user to perform actions and the user has no restrictions if he/she is given with “None” in the License list. These type of permission sets are given to high level users or users with special permissions as they should not have any obstructions in their work-flow.

Scenario in the Real-Time Project: 

During the Real-time work in the projects, the below mentioned permissions will be given based on the criteria of the user. The below mentioned are the permissions given to individual user, profile level and in permission set.

  • OWD = Private.
  • Profile = CRED=Yes | VA + MA = No.
  • Permission Set = Special rights to limited people. 

How to create a Permission Set?

Login into Salesforce Org >> Setup >> Administer >> Manage Users >> Permission Sets >> New.

Object Level Security In Salesforce

Fill in the details, and regarding the License - If we select “None”, it applies to the entire company. If we select any License specifically, it will allow only that particular licensed users only.

Object Level Security In Salesforce

Checkout SalesForce Sample Resumes

Benefits of permission set over profiles: The added benefits of permission sets over profile.

We can have only 1 profile to 1 user: Below mentioned are few comparisons between  permission sets and profile.

Case: So, if the person needs to access various departments of the Org, eg: Sales, profile, HR profile, Marketing profile, he cannot do that!

Case: Whereas, a person can have more than 1 permission set.

Case: In profile, we can add the person having same Matching License.

Case: In permission set, we can add any person with Any License, by using “None” option in License Picklist.

In the next topic, we will discuss in-detail about “Record Level Security In Salesforce”. Keep following us for more info on Salesforce Administration.

Mindmajix offers different Salesforce certification training according to your desire with hands-on experience on Salesforce concepts

Subscribe For Free Demo

Free Demo for Corporate & Online Trainings.

Arogyalokesh
About The Author

Arogyalokesh is a Senior Content Writer and manages content creation on various IT platforms at Mindmajix. He is dedicated to creating useful and engaging content on Blockchain, Salesforce, Docker, SQL Server, Tangle, Jira, and few other technologies. Get in touch with him on LinkedIn and Twitter.


DMCA.com Protection Status

Close
Close