Q1- What are different Levels of data access in Salesforce?
- Organization level security
For your whole org, you can maintain a list of authorized users, set password policies, and limit logins to certain hours and locations. - Object level security
Access to object-level data is the simplest thing to control. By setting permissions on a particular type of object, you can prevent a group of users from creating, viewing, editing, or deleting any records of that object. For example, you can use object permissions to ensure that interviewers can view positions and job applications but not edit or delete them. - Field level security
You can restrict access to certain fields, even if a user has access to the object. For
example, you can make the salary field in a position object invisible to interviewers
but visible to hiring managers and recruiters. - Record level security
You can allow particular users to view an object, but then restrict the individual object records they’re allowed to see. For example, an interviewer can see and edit her own reviews, but not the reviews of other interviewers. You can manage recordlevel access in these four ways.- Organization-wide defaults
- Role hierarchies
- Sharing rules
- Manual sharing
Q2 – What is Organization-wide defaults?
Organization Wide Defaults(OWD) in salesforce is the baseline level of access that the most restricted user should have. Organizational Wide Defaults are used to restrict access. You grant access through other means like(sharing rules, Role Hierarchy, Sales Teams and Account teams, manual sharing, Apex Sharing ). In simple words Organization Wide Defaults (OWD) specify the default level of access users have to each other’s records.
Q3 – What is role hierarchy?
It gives access for users higher in the hierarchy to all records owned by users below them in the hierarchy. Role hierarchies don’t have to match your organization chart exactly. Instead, each role in the hierarchy should represent a level of data access that a user or group of users needs.
Q4 – What is Manual sharing?
It allows owners of particular records to share them with other users. Although manual sharing isn’t automated like org-wide sharing settings, role hierarchies, or sharing rules, it can be useful in some situations, such as when a recruiter going on vacation needs to temporarily assign ownership of a job application to someone else.
Q5 – What is Profile
Each user has a single profile that controls which data and features that user has access to. A profile is a collection of settings and permissions. Profile settings determine which data the user can see, and permissions determine what the user can do with that data.
- The settings in a user’s profile determine whether she can see a particular app, tab, field, or record type.
- The permissions in a user’s profile determine whether she can create or edit records of a given type, run reports, and customize the app.Profiles usually match up with a user’s job function (for example, system administrator, recruiter, or hiring manager), but you can have profiles for anything
that makes sense for your Salesforce org. A profile can be assigned to many users, but a user can have only one profile at a time.
Q6 – What are standard profiles?
- Read Only
- Standard User
- Marketing User
- Contract Manager
- System Administrator
Q7 – What is Permission Set?
A permission set is a collection of settings and permissions that give users access to various tools and functions. The settings and permissions in permission sets are also found in profiles, but permission sets extend users’ functional access without changing their profiles. Permission sets make it easy to grant access to the various apps and custom objects in your org, and to take away access when it’s no longer needed. Users can have only one profile, but they can have multiple permission sets.
Q8 – What is “View all” and “Modify all” permission?
View all and Modify all permissions are usually given to system administrator. When you grant “View All” or “Modify All” for an object on a profile or permission set, you grant any associated users access to all records of that object regardless of the sharing and security settings.
In essence, the “View All” and “Modify All” permissions ignore the sharing model, role hierarchy, and sharing rules that the “Create,” “Read,” “Edit,” and “Delete” permissions respect. Furthermore, “Modify All” also gives a user the ability to mass transfer, mass update, and mass delete records of that specific object, and approve such records even if the user is not a designated approver.
These tasks are typically reserved for administrators, but because “View All” and “Modify All” let us selectively override the system, responsibilities that are usually reserved for the administrator can be delegated to other users in a highly controlled fashion.
- Is it possible to restrict permission for users using permission set?
No, Permission Set always extends the permission. It does not restrict permission to users. - If a user does not have access to a specific record type, will they be able
to see the records that have that record type?
Yes, Record type controls only visibility of record on UI but not its access to users. If user
does not have access to record type then user will not be able to create records for that
record type using UI. But user will we able to see records if they have appropriate permission
to do so.