
Salesforce Sharing Model and Data Security | Saasguru


The Salesforce Sharing Model governs the security and sharing settings of data among users or groups of users in the organisation. It offers a flexible, layered sharing and visibility model that exposes different data sets to different sets of users. The Sharing Model lets you specify which users can view, create, edit, or delete any record or field. You control access by combining security controls at different levels.


Security is broadly divided into four categories, as depicted below.


Data Access and Authorisation

Profiles, Permission Sets, Roles, and OWD settings together define what a user can access and is authorised to do in Salesforce. Permission sets are an add-on to the profiles and provide additional permissions to specific users. Roles govern what you can see, and Profiles control what you can do.

Salesforce recommends a restrictive data access approach: grant the bare minimum permissions and data access using profiles and OWD settings, then expand access where needed using additional mechanisms such as sharing rules and manual sharing.


Profile

A profile is a collection of settings and permissions that determine which data the user can see and what the user can do with that data. Profiles usually match a user’s job function. For example, a VP of Sales will have access to all the Sales objects and will be able to perform functions such as pipeline forecasting and managing the deal cycle.

Here are some key highlights of the profile:


Mainly, the profile manages which CRED operations the user can perform on each object. This ties back to the basic database concept of CRUD; in Salesforce it is called CRED:

• C – Create
• R – Read
• E – Edit
• D – Delete

In addition to basic CRED permissions, Salesforce also provides ‘View all’ and ‘Modify all’ options on Salesforce objects for data administration.

To provide additional administrative and general user permissions, go to the Administrative and General User Permission section. After that, select the needed permissions.


Roles

Data visibility also depends on the organisation-wide defaults, which are set as a baseline for vertical data sharing. Sharing rules are used to extend the access users receive from roles. They give the admin more flexibility to open up record visibility horizontally across the hierarchy.


Permission Sets

Permission Sets are add-on permissions (for objects, field-level security, record types, tabs, apps) on top of profiles that can be allocated to individual users. This helps keep the profile count low and allows specific permissions to be added to meet business requirements.
For instance, if one sales profile user needs to delete leads, we can create a permission set with just the delete lead (CRED) permission and assign it to that user.
Admins can also combine permission sets into a group called a ‘Permission set group.’ This helps connect similar permissions and gives more flexibility to create abstract permissions.


Org-Wide Defaults

Org-wide defaults specify the baseline level of access that the most restricted user should have. Use org-wide defaults to lock down your data, and then use the other record-level security and sharing tools (role hierarchies, sharing rules, and manual sharing) to open up the data to users who need it.

Types of OWD access and the access each one grants:
• Private: Read/Edit access to the owner of the record and anyone above the owner in the role hierarchy.
• Public Read Only: Read access to everyone, but only the owner and anyone above that hierarchy can edit.
• Public Read/Write: Read/Edit access to everyone (given they have object-level permission).
• Public Read/Write/Transfer (only for Leads & cases): Read/Edit/Transfer to everyone.
• Controlled by Parent: Inherits OWD sharing from parent record (for tasks, contact, opportunity, order, master-detail, and some other standard objects).


Sharing Rules

Sharing rules enable you to extend access to records beyond the baseline access for each object. For instance, if you have org-wide sharing defaults of Public Read Only or Private, you can provide access for some users with sharing rules.

There are two types of sharing rules:
• Ownership Based – Share the records owned by specific users with other users or a group of users.
• Criteria Based – Share the records that meet some criteria with other users or a group of users.

Here are some of the key highlights of sharing rules.


Manual Sharing

Manual sharing is an option to share one specific record with another user who does not have access to the record.

The options for sharing a record offer access levels similar to those of OWD:
• Read-only: Provides view access.
• Read/Write: Provides view and edit access.
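
The layers described in the sections above, combined into one access check as an added example (not saasguru's or Salesforce's code). It is a simplified model: only three OWD settings are covered, hierarchy access is assumed to be enabled, and the users, roles and `shares` list (a stand-in for sharing rules and manual shares) are constructed.

```python
from dataclasses import dataclass, field

LEVEL = {"None": 0, "Read": 1, "Edit": 2}   # record-level access, lowest to highest
OWD = {"Private": "None", "Public Read Only": "Read", "Public Read/Write": "Edit"}

@dataclass
class User:
    name: str
    role: str
    profile_cred: set                                 # e.g. {"C", "R", "E"}
    permset_cred: set = field(default_factory=set)    # added by permission sets

def object_perms(user):
    """Object-level CRED: the profile plus any assigned permission sets."""
    return user.profile_cred | user.permset_cred

def is_above(role, other, parent_of):
    """True if `role` sits above `other` in the role hierarchy."""
    while other in parent_of:
        other = parent_of[other]
        if other == role:
            return True
    return False

def record_level(user, owner, owd, parent_of, shares=()):
    """Highest record access granted by ownership, hierarchy, OWD or a share."""
    if user.name == owner.name or is_above(user.role, owner.role, parent_of):
        return "Edit"
    grants = [OWD[owd]] + [lvl for grantee, lvl in shares
                           if grantee in (user.name, user.role)]
    return max(grants, key=LEVEL.get)

def can(user, op, owner, owd, parent_of, shares=()):
    """op is "R" or "E"; both the object layer and the record layer must allow it."""
    if op not in object_perms(user):
        return False          # sharing never adds object-level permission
    needed = "Read" if op == "R" else "Edit"
    return LEVEL[record_level(user, owner, owd, parent_of, shares)] >= LEVEL[needed]

# Constructed sample org: the role hierarchy and users are made up for the example.
PARENT_OF = {"Sales Rep": "Sales Manager", "Sales Manager": "VP of Sales",
             "Support Agent": "Support Manager"}
alice = User("alice", "Sales Rep", {"C", "R", "E"})
bob = User("bob", "Sales Rep", {"C", "R", "E"}, permset_cred={"D"})
carol = User("carol", "VP of Sales", {"C", "R", "E", "D"})
dave = User("dave", "Support Agent", {"R"})
```

With a Private OWD, `bob` cannot read a record owned by `alice` until a share names him or his role, while `dave` cannot edit even under Public Read/Write because his profile lacks Edit on the object.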


To Sum Up

The Salesforce platform offers a flexible, layered data-sharing model that lets admins efficiently manage which data sets are visible to which sets of users. For example, you can control access to your entire org, a specific field, a specific object, or even an individual record with the Salesforce Sharing Model. This helps organisations reduce the risk of data leakage and data misuse while providing the required access to users.


Choosing the data set each user or group of users can see is one of the critical decisions that affect the security of your Salesforce org.

FAQ

1. What is the Salesforce Data Sharing model?

The Salesforce Sharing Model governs the security and sharing settings of data among users or groups of users in the organisation. It offers a flexible, layered sharing and visibility model that exposes different data sets to different sets of users. The Sharing Model lets you specify which users can view, create, edit, or delete any record or field. You control access by combining security controls at different levels.

2. How many types of sharing are there in Salesforce?

There are two primary ways to share records in Salesforce:

1. Sharing rules enable you to extend access to records beyond the baseline access for each object. For instance, if you have org-wide sharing defaults of Public Read Only or Private, you can provide access for some users with sharing rules.

There are two types of sharing rules:

a. Ownership Based – Share the records owned by specific users with other users or a group of users.
b. Criteria Based – Share the records that meet some criteria with other users or a group of users.

2. Manual sharing is an option to share one specific record with another user who does not have access to the record.

3. What are Sharing Rules in Salesforce?

The sharing rules in Salesforce are used to grant sharing access to users. The users can be in roles, territories or public groups. Sharing rules give particular users greater access by making automatic exceptions to your org-wide sharing settings.

4. What is the “Grant Access Using Hierarchies” checkbox used for in OWD settings?

Beyond setting the organization-wide sharing defaults for each object, you can specify whether users have access to the data owned by or shared with their subordinates in the hierarchy. For example, the role hierarchy automatically grants record access to users above the record owner in the hierarchy. By default, the Grant Access Using Hierarchies option is enabled for most standard objects, and it can only be changed for custom objects.
