About 59% of security threats are faced due to internal threats which occur with employees, Third parties and Ex-employees. They are becoming a casualty of phishing schemes by opening mischievous mails and accessing the systems in untrusted sources and secure fewer environments. Providing unnecessary access to the sources of lower-level users also leads to internal security issues. In Salesforce, we can restrict the access to each and every user at the object, level as well as at the field level.
Salesforce has a unique feature in identifying user login, i.e., it provides each user with a unique username and password with a profile which provides access to execute tasks that are assigned to be performed with data.
As an administrator, one can manage the users throughout the company by creating a profile and assign the users to those profiles. User management deals with work related to permissions and licenses.
Depending on the license and edition of salesforce, we can customize the application built on it. Object-Level security is subdivided into three types, and they are detailed below.
OWD is defined as “Organisation Wide Default”, which is a part of object-level security. It ensures that object-level security is specific to the user and creates a barrier between the users in accessing their records or data they create. We have 3 features in OWD, and they are mentioned below in detail.
Note: How to “Login to another user”, without asking for the username and password?
Setup >> Security Controls >> login policies >> administrator can login as Any User - Check the box >> Save.
Steps to perform:
Login to Salesforce Org >> Setup >> Administer >> Security Controls >> Sharing Settings
Select the desired Object >> You can view the default value as shown in the below figure.
Let us proceed with user-level access to the OWD, and it can be explained in three scenarios.
Scenario 1: Public Read/write: let us create a record in “Naurkri.com App”, and save the record.
Now, you can log into other user name and can look at Edit/Delete of the record created.
Scenario 2: Public Readonly: let us create a record in “Naurkri.com App”, and save the record.
Now, you can log into other user name and can look at Readonly of the record created.
Scenario 3: Private: let us create a record in “Naurkri.com App”, and save the record.
Now, you can log into other user name and can look at No Access of the record created.
Note: Issue with OWD is it does not help us for Selective Sharing.
The profile is part of Object Level Security which gives access to the users who are assigned to particular profiles. Eg: Naukri.com Finance Profile, the profile created. The profile applies for all the users in the Department, which leads to accessing of the records. Below mentioned are few features of profile:
Object Level Access:
Login into Salesforce Org >> Setup >> Administer >> Manage Users >> Profiles >> New Profile.
Before creating a profile, we cannot create a profile from scratch. So, we need to clone a profile with an already existing one, and only specific profiles can be copied or cloned unless the profile license is matched with the user license.
After selecting the desired user license, fill in the remaining details and Save.
Edit the profile created (eg: Naukri.com Finance Profile) and scroll down for Custom Object Permission.
These are very important for a user assigned to the above profile created to work in the assigned Salesforce Org.
Based on the check-box selection for individual objects, it will lead the profile used to perform activities for their own records (individual added records by user) in the salesforce work-area.
Note: The remaining two options are very powerful which give access to the entire Object created by any user in the Organisation.
View All: It allows the profile user to access all the records, although they have not created.
Modify All: It allows the profile user to access and modify the records, although they have not created.
Now, according to the above profile, the users can access what they are permitted to objects. There is another special permission, which provides access to all the objects.
Administrative Permission >> View All Data.
Administrative Permission >> Modify All Data.
If we select the above option, the particular user profile has every object access created in the Organisation for View and Edit.
Permission Set is also a part of Object Level Security which gives special rights to the particular user to perform actions and the user has no restrictions if he/she is given with “None” in the License list. These type of permission sets are given to high-level users or users with special permissions as they should not have any obstructions in their work-flow.
The scenario in the Real-Time Project:
During the Real-time work in the projects, the below-mentioned permissions will be given based on the criteria of the user. The below mentioned are the permissions given to the individual user, profile level and in the permission set.
Login into Salesforce Org >> Setup >> Administer >> Manage Users >> Permission Sets >> New.
Fill in the details, and regarding the License - If we select “None”, it applies to the entire company. If we select any License specifically, it will allow only that particular licensed users only.
Benefits of the permission set over profiles: The added benefits of permission sets over the profile.
We can have only 1 profile to 1 user: Below mentioned are a few comparisons between permission sets and profile.
Case: So, if the person needs to access various departments of the Org, eg: Sales, profile, HR profile, Marketing profile, he cannot do that!
Case: Whereas, a person can have more than 1 permission set.
Case: In profile, we can add the person having same Matching License.
Case: In permission set, we can add any person with Any License, by using the “None” option in License Picklist.
In the next topic, we will discuss in detail about “Record Level Security In Salesforce”. Keep following us for more info on Salesforce Administration.
Mindmajix offers different Salesforce certification training according to your desire with hands-on experience on Salesforce concepts
|Salesforce Administration Training||Salesforce Lightning Training|
|Salesforce Advanced Developer Training||Salesforce Developer Training|
|Salesforce IoT Training||Salesforce App Builder Certification Training|
|Salesforce AppExchange Training||Salesforce Service Cloud Training|
|and many more.|
Free Demo for Corporate & Online Trainings.