Record Level Security In Salesforce

Record-level security in Salesforce enables users to access a few object records. The user owns every record/data, and he/she has full access to it. In a hierarchy, the users in the senior levels always have access that is granted to the users at the junior level. The users will also have access to the records shared with them.

To define record-level security in Salesforce, first set your OWD (Org Wide Default) sharing settings and define a hierarchy, and then create sharing rules.

It is easy that with roles, we can modify profile and permission set in Salesforce Org. The profile and permission are configured to control the objects of the user and field-level access permission. The roles control the user’s record-level security via role hierarchy and the sharing rules.

In This Blog, You Will Learn

Role Sharing Rule Manual Sharing Public Group Queue

What is Role?

A role defines the data access levels to a single user or a group of users. The role ensures that the senior level users have the same level of access to data as the juniors, other than OWD(Org Wide Default) settings.

[ Learn more - Salesforce Basics ]

How to create a Role?

Step to create Role:

Log in to Salesforce Org → Setup → Administer→Manage Users →Roles → Set Up Roles→COO → Assign.

image: Role in Salesforce

The below figure specifies the tree structure of the “Organisation’s Role Hierarchy,” If you click on “Expand All,” you can have a look at the “Default Hierarchy Setup by Salesforce.” After the above, we need to assign the roles in the specific level required for the user. 

Want to enhance your skills in dealing with the world's best CRM, enroll in our Salesforce Course.

Gif: Creating a Role Hierarchy

Let us consider that we have two users - A user for a senior position and a junior position. For the senior-level user, we will be providing all the access that junior has so that we will understand the hierarchy level access to the records in detail.

The User-1 is added at the “COO-level.” Click on “Assign” to next to the COO-level and proceed to the next screen. Click on “Available Users Search” and set it to “All Users,” and now you can visualize all available users in the organization. Select the User and assign the User-1 and click on Add button, and automatically the User shifts to the right column. Then, proceed to Save it as shown in the below figure.

Gif: Role created in Salesforce

Click on the COO level to look at the user assigned.

image: COO-level in Role

How to create User-2 under the Role Created?

Step to create User-2 under the Role:

Log in to Salesforce Org → Setup → Administer →Manage Users→ Roles→ Set Up Roles → COO → Add Role.

image: Step to create User-2 under the Role

Now, click the “Add Role” under the “COO Level” to create a junior level. Fill in the details and proceed to Save.

Gif: Step to create User-2 under the Role

Now, the Role is created but no user is assigned to it. Let us add User-2 to it. Click on “Assign User to Role”, Click on “Available Users Search”, and set to “All Users”. Now, you can visualize all available users in the organization. Select the User and click on Add button, and automatically, the User shifts to the right column. Proceed to Save it as shown in the below figure.

Gif: Step to create User-2 under the Role

The user is created.

Now, log into the user level and have a look at the access levels. The user has access to all the records that the senior has and can edit, create, and delete the records.

image: User-created in Role security

In a special scenario, the senior person will not be able to access the records of the junior-level person.

Login to Salesforce Org→ Setup →Administer→ Security Controls→ Sharing Settings→ Manage sharing setting for - Application(eg: Naukri.com Job Form)→ Organization-Wide Defaults→Edit→Application(eg: Naukri.com Job Form) → Private (checkbox) option - uncheck.

Image: User-created in Role security

What is Sharing Rule?

Sharing rules permit to make exceptions automatic to Org-wide sharing settings for a set of users, and provide access to the records they do not own or view. Sharing rules are used to permit the user to have additional access to the records and they are not severe than the OWD settings.

[Related Article: Salesforce Interview Questions for Experienced]

How to create a Sharing Rule?

Steps to create Sharing Rule:

Log in to Salesforce Org → Setup→ Administer→ Security Controls→Sharing Settings →Sharing Rules →New.

Image: Steps to create Sharing Rule

In the below screen, we have 5 steps to complete.

Gif: Steps to create Sharing Rule

Rule Types:

The sharing rule is created:

Based on record owner - (e.g., Owner of the record has an XYZ role than share with the ABC role person.)

(or)

Based on criteria - (e.g., based on the criteria, we can share the records with the person desired.)

[Related Article: Sharing Rules in Salesforce]

What is Manual Sharing?

In some situations, it is not possible to permit access to a group of users for particular records. In that situation, only the owner of the record can give access to the user through manual sharing. It is not automated, like other sharing settings, sharing rules, & roles. It only provides the flexibility in sharing access to the records who don’t have access to the record owner.

How to create a Manual Sharing?

Steps to create Manual Sharing:

Log in to Salesforce Org→ Select the required object → New Entry→ After Save “Sharing Button” Enables → Add → Selects users from the list → select the necessary user → Save. The below figure determines each step in detail.

Gif: Steps to create Manual Sharing

What is a Public group?

• When we want to share a record with a group of users so that they can read/write the record.
• The owner of the records remains the same after sharing also.
• It is not required to mention Object names.

How to create a Public Group?

Steps to create PG:

Setup → administer → manage users → public groups → New.

Fill the mandatory fields on the screen and provide “Grant Access Using Hierarchies” based on your requirements. In the search dropdown, select the required (e.g., Users) and select the required users to assign for the “Public Groups”(e.g., Appointment PG). The below-mentioned figure defines the steps.

Gif: Steps to create a Public Group

Steps to make use of the public Group created:

Setup→ administer→ security controls→ sharing settings→ select the required object >> create a new sharing rule → continue to 5 steps in the sharing rule → save.

The below figure defines step by step procedure:

 Public Group created

Gif: Public Group created

What is Queue

When we want to share a record with a group of users so that they can read/write the record.

The owner is changed, and queue members will become the new, combined owner.

It is required to mention the object names.

How to create a Queue?

Steps to create Queue:

Setup → administer → manage users→ queue → New.

Fill the mandatory fields in the screen, if required, select the checkbox “Send Email To Members. 
Next, select the required “Object,” then add. 
Next, Queue Members - Select the required users from the list and Save.

The below-mentioned figure defines the steps.

Gif: Steps to create Queue

How can we use the Queue?

Steps to use the Queue created:

Select “Naukri.com JobForms” → Select a record from the list → select the “change,” in the owner(field) → Select owner as “Queue,” from the dropdown list, Next Click on the “Magnifying Glass” and Select the “Queue” created(e.g., Appointment Queue) and Save.

The below figure defines step by step procedure:

Gif: Steps to use the Queue

In the next topic, we will discuss in detail “Workflow Rules In Salesforce.” Keep following us for more info on Salesforce Administration.