“…but wait! There’s more!”

We have explored how Salesforce keeps your data safe from unauthorized access. Let’s see how data is administered the right way, to the right people.

In Salesforce, data is stored in three key structures: objects, fields, and records. Objects are comparable to tables in databases. Fields represent the columns of the table. Records are like rows of data inside the table. Salesforce uses object-level, field-level, and record-level security to ensure correct access to objects, fields, and individual records.

Profiles is where we can control access to object-level and field-level security, among other things. However, changes to Profiles will propagate to all users associated with that specific profile. If you wish to grant further access to a specific user, but not all the users in a specific profile, you can do so via Permission Sets.

The next step is Field-Level Security. You can personalize each field inside the object and decide who can modify it. If necessary, you can hide it completely to entire profiles. The fields still exist and are fully functional. But they will be invisible without proper permission.

With object-level access and field-level access, Users can only access records they own (that is, records they created themselves). In order to grant access to other users’ records, Record-Level Security comes into play.

Organization-wide defaults (OWD) control the default behavior of how every record can be accessed by users who do not own the record. If set to Private, users can only see the records they own. If set to Read/Write, anyone can read and update (but not delete) any record.

Furthermore, records can have Criteria-based sharing rules.

Criteria-based sharing rules let users access records based on the value of a field in a record, regardless of who owns the record.