In Salesforce, we can control access to each and every things.
There are 4 levels of access in Salesforce:
- Organization level access
- Object-level access
- Field level access
- Record level access
Organization level access
It helps you to maintain a list of authorized users, set password policies, and limit logins to certain hours and locations.
Object level access
It is used to manage object level access. It decides which users, or profiles have view/ edit/ delete access to which objects. This level of access can be set on the profile, permission sets, or permission set groups.
Field level access
It is used to manage field level access. It decides which user, or profiles have view/ edit access to which fields. This level of access can be set on the profile, permission sets, or permission set groups.
Record level access
It is used to limit record level access. You can allow an individual to view an object and create records but limit their access to certain records.
You can manage record level access in these 4 ways:
- Organization-Wide default
These are used to specify the default level of access users have to each others records. These are set to the most restrictive level, and other record-level security and sharing tools are used to give extra access.
- Role Hierarchies
Role Hierarchies provides record access of the users lower in the hierarchy. Also, it is not necessary for it to match your organization’s roles. Each role in the hierarchy should represent a level of access a user or a group of users need.
- Sharing Rules
Sharing Rules are used to give record level access to users on the basis of some field criteria. The criteria in the Sharing Rules can be based on Record Owner, or Some Criteria.
- Manual Sharing
Manual Sharing is used to give a record access to another user manually. Unlike Org-Wide Default, Role Hierarchy, and Sharing Rules, this is not automated.
References:
