User Management: Data Security

 Introduction To Data Security:

  • Data security matters because you need to control what a user or group of users can see in the org or app.
  • Salesforce provides a layered sharing model.
  • You can easily assign different data sets to different groups of users.
  • You can control access to the whole org, to a specific object, and to fields and records.

Levels of data access: You can configure access to data in Salesforce at four main levels.

  1. Organization
  2. Object
  3. Field
  4. Record

Organization Level Security: You can secure access to your organization by:

  • Maintaining a list of authorized users.
  • Setting password policies.
  • Limiting logins to certain hours and locations (Login IP range & Login hours).

Object Level Security:

  • You can control object-level permissions for both standard and custom objects.
  • You can set permissions for a particular object.
  • You can give permission to view, create, edit and delete.
  • You can control object permissions using profiles and permission sets.

Field level security:

  • We can restrict access to certain fields in Salesforce, even if users have object-level access.
  • We can make a field visible to one user and hide it from another.
  • We can give read and edit permission on a field.
  • Field-level security can be controlled using profiles and permission sets.

Record level security:

  • We can restrict access to records for users in Salesforce, even if users have object-level permission.
  • For example, a user can view their own records but not those of other users.
  • We can manage record-level access in the following ways:
    • Organization-wide defaults.
    • Role hierarchies.
    • Sharing rules.
    • Manual sharing.

Organization-wide defaults:

  • Org-wide sharing settings lock down the data to the most restrictive level.
  • Here we have three access levels:
    • Private
    • Public Read-only
    • Public Read/Write

Role Hierarchies:

  • The role hierarchy gives access to users higher in the hierarchy.
  • Users can access all records owned by the users below them in the hierarchy.

Sharing rules: 

  • These are exceptions to org-wide defaults.
  • Through sharing rules, you can share records with groups of users.
  • Those users get access to records they don't own and can't normally see.

Manual sharing:

  • It allows the owner of a particular record to share it with other users.
  • Manual sharing is not automated like org-wide defaults, role hierarchies and sharing rules.
  • It can be useful in situations where you want to share a single record with another user by hand.
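
The layers described above can be read as one access decision: object-level permission gates everything, the org-wide default sets the baseline, and the role hierarchy, sharing rules and manual shares can only widen it. The Python below is an added example, not Salesforce code and not part of the original post. It is a simplified model that assumes owners and users above them in the hierarchy get edit access; all user, role and group names are hypothetical.

```python
# Simplified model of Salesforce's layered sharing (added example, not Salesforce code).
from dataclasses import dataclass, field

RANK = {"none": 0, "read": 1, "edit": 2}
OWD = {"Private": "none", "Public Read-only": "read", "Public Read/Write": "edit"}

@dataclass
class User:
    name: str
    role: str
    object_perms: set                      # from profile + permission sets
    groups: set = field(default_factory=set)

@dataclass
class Record:
    owner: User
    manual_shares: dict = field(default_factory=dict)   # user name -> level

def is_above(role, other, parent_of):
    """True if `role` is an ancestor of `other` in the role hierarchy."""
    while other in parent_of:
        other = parent_of[other]
        if other == role:
            return True
    return False

def record_access(user, rec, owd, parent_of, sharing_rules):
    """Return 'none', 'read' or 'edit' for `user` on `rec`."""
    if "read" not in user.object_perms:    # object level gates everything below
        return "none"
    grants = [OWD[owd]]                    # org-wide default is the baseline
    if user.name == rec.owner.name or is_above(user.role, rec.owner.role, parent_of):
        grants.append("edit")              # owner, or higher in the role hierarchy
    for owner_group, target_group, level in sharing_rules:
        if owner_group in rec.owner.groups and target_group in user.groups:
            grants.append(level)           # sharing rule: exception to the OWD
    grants.append(rec.manual_shares.get(user.name, "none"))
    best = max(grants, key=RANK.get)       # sharing only ever widens access
    if best == "edit" and "edit" not in user.object_perms:
        return "read"                      # capped by object-level permission
    return best

# Constructed sample org (all names hypothetical).
PARENT_OF = {"Sales Rep": "Sales Manager", "Sales Manager": "VP Sales"}
rep_a = User("rep_a", "Sales Rep", {"read", "edit"}, {"EMEA Sales"})
rep_b = User("rep_b", "Sales Rep", {"read", "edit"})
manager = User("manager", "Sales Manager", {"read", "edit"})
support = User("support", "Support Agent", {"read"}, {"Support"})
RULES = [("EMEA Sales", "Support", "edit")]
deal = Record(owner=rep_a)
```

With a Private default, `record_access(support, deal, "Private", PARENT_OF, RULES)` returns "read": the sharing rule offers edit, but the support profile's object permission caps it at read.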

