Blog

Record Level Security In Salesforce

  • (4.0)
  • | 571 Ratings

Record level security enables the users to access few object records. Every record/data is owned by the user and he/she has the full access to it. In hierarchy, the users in the senior levels always have the access that is granted for the users in junior level. The users will also have access to the records shared with them.

Interested in mastering Salesforce? Enroll now for FREE demo on Salesforce Training

To define record-level security, first set your OWD (Org Wide Default) sharing settings and define a hierarchy, and then create sharing rules.

It is easy that with roles, we can modify profile and permission set in Salesforce Org. The profile and permission set control the objects of the user and field level access permission. The roles control the user’s record-level security via role hierarchy and the sharing rules.

What is a Role?

Role defines the data access levels to a single user or a group of users. The role ensures that the senior level users have the same level of access to data as the juniors, other than OWD(Org Wide Default) settings.

How to create a Role?

Step to create Role:

Login to Salesforce Org Setup AdministerManage Users Roles Set Up RolesCOO Assign.

Role in Salesforce

image: Role in Salesforce

The below figure specifies the tree structure of the “Organisation’s Role Hierarchy”, If you click on “Expand All”, you can have a look at the “Default Hierarchy Setup by Salesforce”. After the above, we need to assign the roles in the specific level required for the user. 

Creating a Role Hierarchy

Gif: Creating a Role Hierarchy

Let us consider that we have 2 users - User for senior position and junior position. For the senior level user, we will be providing all the access that junior has so that we will understand the hierarchy level access to the records in detail.

The User-1 is added at the “COO-level”. Click on “Assign” to next to the COO-level and proceed to next screen. Click on “Available Users Search” and set to “All Users”, and now you can visualise all available users in the organization. Select the User and assign the User-1 and click on Add button, and automatically the User shifts to the right column. Then, proceed to Save it as shown in the below figure.

Role created in Salesforce

Gif: Role created in Salesforce

Click on the COO level to look at the user assigned.

COO-level in Role

image: COO-level in Role

How to create User-2 under the Role created ?

Step to create User-2 under the Role:

Login to Salesforce Org Setup Administer Manage Users Roles Set Up Roles COO Add Role.

create User-2 under the Role

image: Step to create User-2 under the Role

Now, click the “Add Role” under the “COO Level” to create a junior level. Fill in the details and proceed to Save.

Step to create User-2 under the Role

Gif: Step to create User-2 under the Role

Now, the Role is created but no user is assigned to it. Let us add User-2 to it. Click on “Assign User to Role”, Click on “Available Users Search”, and set to “All Users”. Now, you can visualise all available users in the organization. Select the User and click on Add button, and automatically, the User shifts to the right column. Proceed to Save it as shown in the below figure.

Step to create User-2 under the Role

Gif: Step to create User-2 under the Role

The user is created.

Now, log into the user level and have a look at the access levels. The user has access to all the records that the senior has and can edit, create, and delete the records.

User is created in Role

image: User created in Role security

In a special scenario, the senior person will not be able to access the records of junior level person.

Login to Salesforce Org Setup Administer Security Controls Sharing Settings Manage sharing setting for - Application(eg: Naukri.com Job Form) Organization-Wide DefaultsEditApplication(eg: Naukri.com Job Form) Private (checkbox) option - uncheck.

 User is created in Role

Image: User created in Role security

What is Sharing Rule?

Sharing rules permit to make exceptions automatic to Org-wide sharing settings for a set of users, and provide access to the records they do not own or view. Sharing rules are used to permit the user to have additional access to the records and they are not severe than the OWD settings.

Checkout SalesForce Tutorial

How to create a Sharing Rule?

Steps to create Sharing Rule:

Login to Salesforce Org Setup Administer Security ControlsSharing Settings Sharing Rules New.

Steps to create Sharing Rule

Image: Steps to create Sharing Rule

In the below screen, we have 5 steps to complete.

Steps to create Sharing Rule

Gif: Steps to create Sharing Rule

Rule Types:

The sharing rule is created:

Based on record owner - (eg: Owner of the record has XYZ role than share with the ABC role person.)

(or)

Based on criteria - (eg: Based on the criteria we can share the records with the person desired.)

What is Manual Sharing?

In some situations, it is not possible to permit access to a group of users for particular records. In that situation, only the owner of the record can give access to the user through manual sharing. It is not automated like other sharing settings, sharing rules, & roles. It only provides the flexibility in sharing access of the records who don’t have access for the record owner.

How to create a Manual Sharing?

Steps to create Manual Sharing:

Login to Salesforce Org Select the required object New EntryAfter Save “Sharing Button” Enables Add Selects users from the list select the required user Save. The below figure determines each step in detail.

Steps to create Manual Sharing

Gif: Steps to create Manual Sharing

What is Public group

  • When we want to share a record with a group of users, so that they can read/write the record.
  • The owner of the records remains same after sharing also.
  • It is not required to mention Object names.

How to create a Public Group?

Steps to create PG:

Setup administer manage users public groups New.

Fill the mandatory fields in the screen, and provide “Grant Access Using Hierarchies” based on the your requirement. In the search dropdown, select the required (eg: Users) and select the required users to assign for the “Public Groups”(eg: Appointment PG). The below mentioned figure defines the steps.

Steps tp create a Public Group

Gif: Steps tp create a Public Group

How to use the Public Group created:

Steps to make use of the public Group created:

Setupadminister security controls sharing settings select the required object >> create a new sharing rule continue to 5 steps in the sharing rule save.

The below figure defines step by step procedure:

 Public Group created

Public Group created

Gif: Public Group created

What is Queue

When we want to share a record with a group of users, so that they can read/write the record.

The owner is changed and queue members will becomes the new, combined owner.

It is required to mention the object names.

Checkout Salesforce Interview Questions

How to create a Queue?

Steps to create Queue:

Setup administer manage users queue New.

Fill the mandatory fields in the screen, if require, select checkbox “Send Email To Members. 
Next, select the required “Object”, than add. 
Next, Queue Members - Select the require users from the list and Save.

The below mentioned figure defines the steps.

Steps to create Queue

Gif: Steps to create Queue

How can we use the Queue ?

Steps to use the Queue created:

Select “Naukri.com JobForms Select a record from the list select the “change”, in the owner(field) Select owner as “Queue”, from the dropdown list, Next Click on the “Magnifying Glass” and Select the “Queue” created(eg: Appointment Queue) and Save.

The below figure defines step by step procedure:

Steps to use the Queue

Gif: Steps to use the Queue

In the next topic, we will discuss in-detail about “Workflow Rules In Salesforce”. Keep following us for more info on Salesforce Administration.

Subscribe For Free Demo

Free Demo for Corporate & Online Trainings.

Arogyalokesh
About The Author

Arogyalokesh is a Senior Content Writer and manages content creation on various IT platforms at Mindmajix. He is dedicated to creating useful and engaging content on Blockchain, Salesforce, Docker, SQL Server, Tangle, Jira, and few other technologies. Get in touch with him on LinkedIn and Twitter.


DMCA.com Protection Status

Close
Close