Salesforce Data Security Model

Data security is a matter that is critical to an organization and its customers when it comes to using a CRM platform. While an organization will never want an unauthorized user to access the records created and stored within the database, the customers will always want their valuable information to be kept private and safe.

Keeping this in mind, Salesforce provides all its users with an extensive data security model aimed at helping the users keep their data safe. It also provides the users with sharing tools for opening up and allowing secure access to Salesforce data based on specific business needs.

When it comes to security, the Salesforce data model involves three major layers – object-level security, field-level security, and record-level security. Broadly, all data within Salesforce is stored in the constructions of objects, fields, and records. While the objects are comparable to tables within the database, the fields are similar to columns of a table, and the records are similar to the rows of a table.

Object-level Security

This is the first level of the Salesforce data security model. Before Salesforce allows a user access to the platform, it ensures that the user has permissions to see the Salesforce objects of the concerned type. Access to specific objects can be managed via two major configurations – profiles and permission sets.

Profiles

User profiles in Salesforce allow administrators to control object-level and field-level security within the platform along with monitoring access to apps, tabs, etc.

When a new employee joins an organization, the Salesforce Admin would add them to an appropriate profile that has an access to relevant objects. This changes over time according to the changing role and needs of the concerned employee.

Permission Sets

If an Admin wants to provide an object’s access to a specific user who is already in a different profile, they can do so with the help of permission sets. The permission sets allow special access to a Salesforce object only to a specific user to access relevant data and carry out the required processes.

Field-level Security

This is the second layer of the Salesforce data security model. Even after getting access to a specific object, a user still needs to access all the fields contained in the concerned object.

Just like object-level access, Salesforce profiles can also be used for controlling field-level access of a user. The Salesforce Admin has the power to provide read and write permissions to specific users for specific Salesforce fields. Admins can also choose to completely hide specific fields from a user if they find the need to do so.

Record-level Security

When a user gets access to a specific Salesforce object and its fields, by default, they can only access the records they created themselves. However, if the user reports to a senior and has different subordinates reporting them, Salesforce provides them with different record-sharing rules for obtaining and providing access to specific records.

Here are the five major types of Salesforce record-level security rules:

1. Organization-wide sharing defaults

2. Role hierarchies

3. Sharing rules (ownership-based and criteria-based)

4. Manual sharing (for Salesforce Classic only)

5. Apex-managed sharing

This way, Salesforce ensures that the security of a database is maintained. The platform allows Salesforce Admins to control access and permission to all the objects, fields, and records within a database in an organized manner. This reduces the scope of error and unauthorized access to a great extent.

The Salesforce data security model is designed to allow the users to work on a secure platform and assure the clients/customers that the privacy of all their valuable details is intact.