"Understanding the Robust Data Security Model in Salesforce"

 


Salesforce provides a comprehensive and flexible data security model to secure data at different levels. Salesforce also provides sharing tools to open up and allow secure access to data based on business needs.

There are three key constructs related to data in Salesforce: Objects, Fields and Records.

  1. Objects are similar to tables in databases.
  2. Fields are similar to columns of the table.
  3. Records are similar to rows of data inside the table.
Salesforce uses object-level, field-level, and record-level security to secure access to object, field, and individual records.

Layer 1: Object-level Security

Object-level access can be managed through two configurations - Profiles and Permission Sets.

Profiles

Assigning a user a profile is compulsory, as this is the place where you configure other things like page layout assignments or login IP restrictions. However, for object and field security setup, configure profiles for minimum access and use permission sets to add permissions.

Permission sets

Permission sets are more flexible. In contrast to profiles, you can add multiple permission sets to a given user. This gives you much more flexibility at the time of designing your security model, as functionality can be grouped in more granular ways. When only using profiles, you needed to group all the object and field permissions in a single profile, for instance for a concrete job role, as sales exec. With permission sets you can have different permission sets representing the different tasks that that a sales exec performs: manage leads, approve opportunities, etc. and add or remove smaller chunks of permissions to a user at any time.

Layer 2: Field-level Security


  1. Even if a user has access to objects, he/she still needs access to individual fields of each object. In Salesforce, profiles and permission sets also control field-level access. An admin can provide read and write permissions for individual fields.
  2. An admin can also set a field to hidden, completely hiding removing access to the field to from that user. When you hide a field with field-level security, the field won't be accessible through any entry points (for instance via API).

Layer 3: Record-level Security

  1.  Record-level security is often referred to as the Salesforce sharing model, or just simply "record sharing" or "sharing".
  2. Salesforce provides five ways to share records with others and access others' records. You start by configuring org-wide defaults, to lock down your data to the most restrictive level. Then you use the other record-level security tools to grant additional access to selected users when needed.

Types of Record-level Security

1:-Organization- Wide Sharing Defaults

2:- Role Hierarchies

3:- Sharing Rules

     • Ownership-based Sharing Rule

     •Criteria-based Sharing Rule

4:- Manual Sharing

5:- Apex Managed Sharing

Organization-Wide Sharing Defaults

1.      In Salesforce, records have a field called "Ownerld" that points to a real user. Owners of records are usually people who created the record and have full CRUD (create, read, update, delete) access to it.

2.      Organization-wide defaults (OWD) control the default behavior of how every record of a given object (for example, Accounts) is accessed by users who do not own the record.

Role Hierarchies

1.      Typically in an organization, different job roles have different record access requirements. Normally job roles are sorted in a hierarchical way: users with a higher role should have access to records to which users in lower roles have access.

2.      Note that a role hierarchy rarely maps to an org chart. It really maps hierarchies of data access. Salesforce provides an easy way to share records with managers and represent a role hierarchy. To use this sharing rule, an admin must first add the user to a role and grant access.

Sharing Rules

Hierarchy-based sharing only works for sharing upward and in a vertical direction. What if we want to share laterally? For example, what if we want to share records that a user owns with his/her peers in the same team? This is where sharing rules come in. Sharing rules provides a way to share records laterally and in an ad-hoc fashion via public groups.

Let's look into the details.

1.      Ownership-based Sharing Rule

Ownership-based sharing rules let admins share records based on role, role-and subordinate, and public group ownership.

2.      Criteria-based Sharing Rule

Criteria-based sharing rules let users access records based on the value of a field in a record, irrespective of who owns the record.

Manual Sharing

Manual sharing provides a mechanism to share individual records with others. This permission is accessed through the Sharing button on the record details page, and lets end-users share individual record with others.

Please Note: This is only available if the OWD is private or public read-only because otherwise (say public read/ write), you wouldn't need it.

Best practices for data security in Salesforce:

  1. Use strong passwords and enable multi-factor authentication for all users.
  2. Limit access to data and features based on user roles and permissions.
  3. Encrypt sensitive data at rest and in transit.
  4. Regularly monitor and audit user activity, data changes, and system events.
  5.  Keep the Salesforce platform and all integrated applications up to date with the latest security patches and updates.

Conclusion:

In conclusion, Salesforce's data security model offers a robust and comprehensive set of features to protect against unauthorized access, data breaches, and cyber threats. By implementing best practices and adhering to industry standards and regulations, organizations can ensure that their data and customer information remains secure and protected. As the Salesforce platform evolves and new security threats emerge, it is essential to stay up to date with the latest security features, updates, and best practices.



 

Comments

Post a Comment

Popular posts from this blog

Query Five Levels of Parent-to-Child Relationships in SOQL Queries

Image
If you're a developer working with Salesforce, you're likely familiar with the powerful SOQL (Salesforce Object Query Language) tool. SOQL enables you to retrieve data from Salesforce's various objects, including parent and child objects. In this article, we'll explore the process of querying five levels of parent-to-child relationships in SOQL queries. Understanding Parent-to-Child Relationships First, let's briefly review parent-to-child relationships in Salesforce. A parent object is an object that has one or more related child objects. For example, the Account object is a parent object, and the Contact and Opportunity objects are child objects related to Account. Each child object can have its own related child objects, creating a hierarchy of parent-to-child relationships. Query Child-to-Parent Relationships Query child-to-parent relationships, which are often many-to-one, using the dot (.) operator. Specify these relationships directly in the SELECT, FROM, or ...
Read more

"Beginner's Guide to Using Flows in Salesforce for Business Automation"

Image
  Flow is a powerful automation tool for businesses that enables the collection, creation, updating, editing, and deletion of Salesforce data while executing logic and guiding users through data collection and updates. By simplifying complex business processes, Salesforce flows can prevent confusion and chaos. They can also be used to perform tasks such as sending emails, posting on Chatter, and sending custom notifications. Flow can be triggered by record insertion, updates, and deletion, and can run for both before and after events.  There are different types of flows available including  Screen Flow.  Record Triggered Flow.   Schedule-Triggered Flows. Auto Launch Flows. Platform Event Triggered Flow. Fig. 1: Hierarchy of Flow To create a flow, begin by clicking on the "Quick Find box" in Salesforce and searching for "Flows." Next, select "New Flow" to start creating your new flow. Fig. 2: Creating a New Flow When selecting a flow in Salesforce, it...
Read more

"Comparing Apex and Java: Syntax, Features, and Use Cases"

Image
When it comes to developing enterprise-level applications, two programming languages stand out as popular choices: Apex and Java. Both languages have their unique features and benefits, making it difficult for developers to choose one over the other. In this blog, we will take a closer look at Apex and Java, compare their features, and help you decide which language is best suited for your next project. What is Apex? Apex is primarily used for developing customizations and extensions for Salesforce, a popular customer relationship management (CRM) platform. It is used by developers to create custom objects, workflows, triggers, and other components that extend the functionality of Salesforce. Apex can also be used to create standalone web applications, although this is less common. What is Java? Java is a general-purpose, object-oriented programming language that is widely used for developing enterprise-level applications. It is an open-source language that can run on any platform, mak...
Read more