Salesforce Data Security Model

Hi all, most of us are familiar with the Salesforce data security model, yet every now and then we fumble on a security scenario. So why not recap what we already know, and pin down the details that usually trip people up?

A quick analogy: we all have a Facebook account. I do not want everyone to see my posts and my pictures; my content should be visible only to my friends, or only to me. Facebook lets us control this at a very granular level. Salesforce provides a similarly robust, layered security model for the data stored in it.

In Salesforce, data is stored in three key constructs: objects, fields, and records. Objects are similar to tables in a database, fields to the columns of a table, and records to the rows inside it. Salesforce applies object-level, field-level, and record-level security, in that order, to control access to an object, to its fields, and to individual records. A user who fails a check at one layer never reaches the next: no amount of record sharing will show a record of an object the user's profile cannot read.

Layer 1: Object-level-security

This layer controls access to a whole object (Create, Read, Edit, Delete, plus View All and Modify All) and is granted through Profiles and Permission Sets.

Profiles: A profile controls object-level and field-level permissions, along with apps, tabs, record types, page layouts, login hours and IP ranges, and so on. Every user has exactly one profile, so it sets the baseline of what that user can see and do. This is the most basic way to enforce security.

Permission Sets: Suppose a certain user needs access to objects that his or her profile does not grant. Rather than cloning a profile for one person, create a permission set with the required access and assign it to that user. Permission sets are additive: they can only grant permissions on top of the profile, never take them away, which is why the profile should stay at the minimum the whole group needs.

Layer 2: Field-level-security

As discussed under profiles and permission sets, we can control access to objects, fields, tabs, and so on. What if users have access to an object but should not see all of its fields? Or they may see a field but must not edit its value? Field-level security (FLS) controls exactly this, with a Read and an Edit flag per field, per profile or permission set. One caveat a practitioner should keep in mind: FLS is enforced in the UI, reports and the APIs, but Apex code runs in system mode and sees every field unless the code enforces FLS itself.
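Because Apex ignores object- and field-level security unless told otherwise, a controller that queries data on behalf of the running user has to enforce it explicitly. The class below is an added example, not code from the original article; it uses only standard objects and fields (Account, Name, AnnualRevenue) and shows the three platform mechanisms for this: user-mode SOQL, Security.stripInaccessible, and describe-based checks before DML.

```apex
// Added example, not from the original article. Apex runs in system mode by
// default, so profile and permission-set restrictions on objects and fields are
// only honoured when the code asks for them, as shown here.
public with sharing class AccountAccessService {

    // Query in user mode: the running user's object and field permissions are
    // enforced by the platform. If the profile/permission sets do not grant Read
    // on Account or on any selected field, a QueryException is thrown instead of
    // silently returning data the UI would hide.
    public static List<Account> readAccounts() {
        return [SELECT Id, Name, AnnualRevenue FROM Account WITH USER_MODE LIMIT 50];
    }

    // Tolerant variant: query in system mode, then strip the fields the user may
    // not read. The decision object reports which fields were removed so the
    // caller can log it or tell the UI why a column is blank.
    public static List<Account> readAccountsStripped() {
        List<Account> rows = [SELECT Id, Name, AnnualRevenue FROM Account LIMIT 50];
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, rows);
        Map<String, Set<String>> removed = decision.getRemovedFields();
        if (removed.containsKey('Account')) {
            System.debug('Fields hidden from this user: ' + removed.get('Account'));
        }
        return decision.getRecords();
    }

    // Before an update, check both layers: object-level Edit on Account and
    // field-level Edit on AnnualRevenue. Then run the DML in user mode so the
    // platform re-checks CRUD, FLS and record sharing at write time.
    public static void updateRevenue(Account acc, Decimal revenue) {
        if (!Schema.sObjectType.Account.isUpdateable() ||
            !Schema.sObjectType.Account.fields.AnnualRevenue.isUpdateable()) {
            throw new System.NoAccessException();
        }
        acc.AnnualRevenue = revenue;
        update as user acc;
    }
}
```

The difference between the two read methods is the design choice to make deliberately: WITH USER_MODE fails closed and is the right default for code paths where a missing field permission indicates a misconfiguration, while stripInaccessible is for pages that should degrade gracefully by hiding a column. Either way, a `with sharing` class only adds record-level enforcement; it does nothing for FLS, which is why the explicit checks above are still needed.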

Layer 3: Record-level-security

This is the most important aspect of the data security model; this is where the real deal lies. Every record created in Salesforce is owned by a user (or a queue, for some objects). The owner has full access to that record: read, edit, delete, share and transfer. Just like in my Facebook example: do I want everyone to see my records, and if not, how do I control who sees what, and up to which level? The layers below work from a restrictive default outward: each one can only open access further, never take it away. Note also that Apex code honours these record-level rules only when the class is declared `with sharing`; a `without sharing` class sees every record regardless of owner, role or sharing rules.

Organization-Wide Defaults: OWD sets the baseline level of access to records of a given object (for example, Accounts) for users who do not own them. Because every other record-level mechanism (role hierarchy, sharing rules, manual sharing, Apex sharing) can only widen access from this baseline, OWD should be set to the most restrictive level the business can live with, typically Private, and opened up selectively.

For example:

  1. If OWD for Accounts is Private, only the record owner can see and edit an Account, plus users above the owner in the role hierarchy and anyone the record is explicitly shared with.
  2. If OWD for Accounts is Public Read Only, every user can see every Account, but only the owner (and the hierarchy above) can edit it.
  3. If OWD for Accounts is Public Read/Write, every user can read and edit every Account. Deleting is still not granted by OWD: it requires owning the record, sitting above the owner in the role hierarchy, or holding the Modify All permission on the object.

Role Hierarchies: Every organization has its own set of roles, and in Salesforce roles open up record visibility upward. A user in a role above yours automatically gets access to the records you own or have been granted (with the same access level you have). For standard objects this is always on; for custom objects it depends on the "Grant Access Using Hierarchies" setting in Sharing Settings, which is enabled by default and can be switched off per object when managers should not automatically inherit their reports' records.

Sharing Rules: Roles only expand visibility as we traverse upwards. What if I want to share my data sideways, with peers in my team, with another role, or with a public group? This is where sharing rules kick in. They are defined per object under Sharing Settings, grant Read Only or Read/Write access, and are automatic exceptions to the OWD; they can never be used to restrict access.

  • Ownership-based Sharing: Ownership-based sharing rules share the records owned by members of one role, role-and-subordinates, or public group with another role, role-and-subordinates, or public group. For example, all Accounts owned by users in the "Sales West" role can be shared Read Only with the "Sales East" role.
  • Criteria-based Sharing: All of the above is fine, but I want something dynamic. I want that as soon as an Opportunity in London is Closed Won, the record is shared with a certain role, role-and-subordinates, or public group. Create a criteria-based sharing rule for Opportunity under Sharing Settings, define the field criteria, save, and the sharing is recalculated. From then on every Opportunity that meets the criteria is shared with the specified people, and stops being shared when it no longer meets them.
  • Guest user access, based on criteria: Sometimes very generic data should be available to guest users browsing a site without logging in. Here too you define field criteria, but a guest user sharing rule can only grant Read access, and it should be used only for data whose sensitivity is appropriate for anonymous visitors. Salesforce's own warning on this setting is explicit: Salesforce isn't responsible for any exposure of your data to guest users caused by changing the default settings.

Manual Sharing: Fine, everything makes sense, but what if I want to be very selective about sharing my data? I can do this with the Sharing button on the record page, which lets the record owner (or users above the owner in the hierarchy, or users with Modify All) share an individual record with a specific user, role or group. Something to note: the Sharing button is only available when the OWD for the object is Private or Public Read Only, since there is nothing left to grant when the default is already Public Read/Write, and manual shares are removed automatically when the record's owner changes.

Apex Managed Sharing: There could be cases where the sharing logic is too complex for the out-of-the-box features, for example sharing a record with the manager named on a related record. I can achieve this by writing Apex code that inserts share records (AccountShare for Accounts, or the ObjectName__Share object for a custom object). For custom objects, defining an Apex sharing reason lets those rows be told apart from manual shares and keeps them in place when the record owner changes. More details can be found here.
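The following is an added example of Apex managed sharing, not code from the original article. It assumes a hypothetical custom object Project__c with OWD Private and an Apex sharing reason named Manager_Access defined on it (Setup > Object Manager > Project > Apex Sharing Reasons); both names are assumptions, and the pattern is the same for any custom object.

```apex
// Added example, not from the original article. Assumes a custom object
// Project__c (OWD Private) with an Apex sharing reason Manager_Access defined
// on it. Both names are hypothetical.
public with sharing class ProjectSharingService {

    // Grant Read access on each project to one user or public group, recorded
    // under the custom Apex sharing reason. Rows with a custom RowCause survive
    // a change of record owner; rows with RowCause 'Manual' are deleted then.
    public static List<Database.SaveResult> shareWithManager(
            List<Project__c> projects, Id userOrGroupId) {
        List<Project__Share> shares = new List<Project__Share>();
        for (Project__c p : projects) {
            shares.add(new Project__Share(
                ParentId      = p.Id,
                UserOrGroupId = userOrGroupId,
                AccessLevel   = 'Read',   // 'Read' or 'Edit'; 'All' is reserved for the owner
                RowCause      = Schema.Project__Share.RowCause.Manager_Access__c
            ));
        }
        // allOrNone = false: one bad row (for example an invalid UserOrGroupId)
        // is reported in its own SaveResult instead of failing the whole insert.
        return Database.insert(shares, false);
    }

    // Revoke only the shares this service created. Filtering on RowCause leaves
    // manual shares and sharing-rule shares for the same user untouched.
    public static void revokeManagerAccess(Set<Id> projectIds, Id userOrGroupId) {
        delete [SELECT Id FROM Project__Share
                WHERE ParentId IN :projectIds
                  AND UserOrGroupId = :userOrGroupId
                  AND RowCause = :Schema.Project__Share.RowCause.Manager_Access__c];
    }
}
```

Two things to check before relying on this: the user running the code must hold Modify All Data to create or change Apex managed sharing rows, and the share object only exists when the object's OWD is Private or Public Read Only, so flipping the OWD to Public Read/Write later will make Project__Share disappear and break the class at compile time, which is a useful early warning rather than a silent widening of access.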

Hope this helps you in some way.

“We need to accept that we won’t always make the right decisions, that we’ll screw up royally sometimes – understanding that failure is not the opposite of success, it’s part of success.” – Arianna Huffington



