Overview of Security in Force.com development platform
- Every user in Salesforce has a profile. A user's profile determines access to objects and to fields in objects. Profiles are of two types -
- Standard profile
- Custom profile
- There are six types of standard profiles -
- Standard user
- System Administrator
- Contract Manager
- Marketing User
- Read Only
- Solution Manager
Standard profiles cannot be deleted. Access permissions to objects (and their fields) of standard profiles cannot be edited. Standard profiles have access to all standard objects. The Read Only profile has read-only access to objects. However, access to tabs and applications can be configured for standard profiles.
Access permissions of Custom profiles can be edited. Custom Profiles are created by developers by cloning from a standard profile.
For each profile one application has default status. A profile determines -
- The objects the user can access
- The fields of the object the user can access
- The tabs the user can access
- The apps the user can access
- The page layout that is assigned to the user
- The record types available to the user
Record Types are associated with profiles. Record types play two important roles in Salesforce -
- They help define values to be shown in picklist for different profiles.
- They are used to define a mapping between page layout and profiles. This ensures that different users are displayed different views of the same page, depending upon the layout template selected.
A record is an instance of an object. To create record types and profiles check out this link www.npsphelper.com/admin
Removing a field from page layout does not ensure the security of that field. The field may still be accessible using the API.
Security in Salesforce is defined at multiple levels. These levels are -
- Security at object level
- Security at field level
- Security at record level
A. Organization-wide defaults
B. Role hierarchy
C. Sharing rules
D. Manual Sharing
Object-level security is applied at profile level. It is set up via the Manage Users --> Profile section. Read, Create, Edit and Delete access can be set for standard and custom objects.
Field-level security is also applied at profile level. The field-level security is available via the "Set Field-level security" button in the field definition page. At field level, for each profile valid settings are Visible and Read-only.
When a user logs in, the list of objects displayed to her is determined by object-level security, and the list of fields displayed is determined by the field-level security settings of that profile.
The next set of security concepts works at record level. These constraints determine which records should be displayed to the users. The four constraints that determine record-level access are - organization-wide defaults, role hierarchy, sharing rules and manual sharing.
OWD stands for Organization-wide defaults. This setting is defined at object level. OWD defines the default record-level sharing for objects. All profiles get at least the privileges defined in OWD. OWD takes three different values -
- Private (Can't view and edit)
- Public Read only (Can view)
- Public Read-Write (Can view and edit)
Key concepts about Organization-wide defaults -
- To find out what should be set as OWD for an object, first find out which user requires the least access to the object. OWD is set based upon this user's access requirement.
- The most restrictive record access is defined using OWD. Access to additional records is made available through Role hierarchy, Sharing rules and Manual sharing.
- We can set OWD settings for both Standard and Custom Objects.
- Changing OWD settings can delete Manual Sharing if that sharing is no longer needed.
- Public Read/Write is the default OWD setting.
- Role Hierarchy allows additional users access to records. A hierarchy of roles is defined based upon access requirements at record level. Each user belongs to a unique role. If a role has access to some record, then its parent and ancestors will also have access to this record. Roles can be created using the Manage Users menu. Roles are used to control record access, whereas profiles are used to specify access at object and field level.
- Another related concept that Salesforce defines is the Public Group. A public group consists of users, roles or "roles and subordinates".
- Public groups are used in sharing rules. They are also used to give access to folders. The default Public Group is “Entire Organization”. We cannot assign Public Groups to profiles.
- A sharing rule is defined using public groups. Records that match a certain condition can be assigned to users in public groups using Sharing Rules. Sharing rules functionality is available via the menu Sharing Settings.
- Manual Sharing is used to grant one-off access. Manual sharing can be granted by the record owner, anyone above the owner in the role hierarchy and the System Administrator. Manual sharing is used to handle exception cases where access to a particular record needs to be given to a specific user. There is a Sharing button on the record's page. This is used to provide manual sharing. The ownership of the record can be transferred to any user who has at least Read permission on the record.
- If the Read permission for the object is revoked from the user's profile, the user will not be able to see their own record.
- Full access to a record means the user can View, Edit, Transfer Ownership, Delete and Share the record. Full access is granted to:
- Record Owner
- Users above the record owner in the role hierarchy.
- Users with the “Modify All Data” permission, i.e. Admin
- A custom object can have up to 10 Apex Sharing Reasons. Apex Sharing Reasons can only be defined for Custom Objects.
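The record-level rules listed above (OWD as the baseline, role hierarchy, sharing rules through public groups, manual sharing) combined with the object-level Read check, as a simplified Python model for reasoning about who ends up with access to a record. This is an added example, not Salesforce code: the `Org` class, the `Invoice__c` object, the users, roles and records are all constructed for illustration.

```python
from dataclasses import dataclass, field

RANK = {"None": 0, "Read": 1, "Edit": 2, "Full": 3}
OWD = {"Private": "None", "Public Read Only": "Read", "Public Read/Write": "Edit"}

@dataclass
class Org:
    owd: dict          # object -> organization-wide default
    parent: dict       # role -> parent role (None at the top)
    role: dict         # user -> role
    can_read: set      # (user, object) pairs whose profile grants Read
    modify_all: set = field(default_factory=set)  # users with "Modify All Data"
    groups: dict = field(default_factory=dict)    # public group -> set of users
    rules: list = field(default_factory=list)     # (object, condition, group, level)
    manual: dict = field(default_factory=dict)    # (record id, user) -> level

    def above(self, user, other):
        # True if user's role is a parent or ancestor of other's role.
        r = self.parent.get(self.role[other])
        while r is not None and r != self.role[user]:
            r = self.parent.get(r)
        return r is not None

    def direct(self, user, rec):
        # Record-level access granted to this user personally.
        got = ["Full" if user == rec["owner"] else OWD[self.owd[rec["object"]]],
               self.manual.get((rec["id"], user), "None")]
        got += [lvl for obj, cond, grp, lvl in self.rules
                if obj == rec["object"] and cond(rec) and user in self.groups[grp]]
        return max(got, key=RANK.get)

    def access(self, user, rec):
        # Effective access after the profile and role hierarchy are applied.
        if user in self.modify_all:
            return "Full"
        if (user, rec["object"]) not in self.can_read:
            return "None"  # no object-level Read: even the owner sees nothing
        below = [u for u in self.role if u == user or self.above(user, u)]
        return max((self.direct(u, rec) for u in below), key=RANK.get)

# Constructed sample org: CEO > VP Sales > Sales Rep, plus a Support role under CEO.
ORG = Org(owd={"Invoice__c": "Private"},
    parent={"CEO": None, "VP Sales": "CEO", "Sales Rep": "VP Sales", "Support": "CEO"},
    role={"alice": "Sales Rep", "dave": "Sales Rep", "gina": "Sales Rep",
          "bob": "VP Sales", "carol": "CEO", "erin": "Support"},
    can_read={(u, "Invoice__c") for u in ("alice", "dave", "bob", "carol", "erin")},
    modify_all={"frank"}, groups={"Support Team": {"erin"}},
    rules=[("Invoice__c", lambda r: r["status"] == "Disputed", "Support Team", "Read")],
    manual={("INV-1", "dave"): "Edit"})
REC = {"id": "INV-1", "object": "Invoice__c", "owner": "alice", "status": "Disputed"}
```

Calling `ORG.access(user, REC)` for each user shows which layer granted access: the owner and the roles above her get Full, the manual share gives `dave` Edit, the sharing rule gives `erin` Read only while the record is Disputed, and `gina` sees nothing even on a record she owns because her profile lacks Read on the object.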