A Talk# 6 – Data Security (Overview)

Hello Friends,

Welcome to Talk#6. Today I am going to explain the basics of data security in Salesforce.

Data is very important for any type of business, and securing that data is most important of all, because misuse of data or unauthorized access to it can lead to the failure of the business. Salesforce understands this priority and gives you the flexibility to manage customer data safely and securely.

In Salesforce you can manage access to your data at various layers. This layered sharing model gives you the flexibility to set a different sharing model for different sets of data and for different users or groups of users.

The sharing layers can be categorized as follows:

  • Organization level
  • Object level
  • Field level
  • Record level

In simple terms, it works like this.

Let’s take the example of a student. Until the student takes admission, he/she won’t be able to enter the school. So, admission gives the student access to the school, or authorizes the student to enter it. This can be considered Org level access. Here the school is the Org.

Once the student has taken admission, he/she will use the class room, library, etc. But he/she should not be allowed to enter the administrative room or the teacher’s room. This is called Object level access. Here the class room, library, teacher’s room, etc. can each be considered as one object.

Now let’s go one level down and take the example of class room details. The student can know the class room name and the class teacher’s name, but he/she shouldn’t have access to information such as how many seats are available, how many of those are donation seats, the class teacher’s salary, etc. This is called field level access.

Then comes the most interesting part, i.e. record level access. As discussed earlier, we have considered the class room as an object. So, the records will be KG Class room, LKG Class room, Drawing Class room, etc. If the student is in LKG standard, then he/she should sit in the LKG Class room, not in the KG Class room, and so on.

Let’s now put the above explanation in Salesforce terms.

Suppose there is a finance company named ‘ABC Finance’. ABC Finance wants to handle its CRM in Salesforce. It has various sectors, but it wants only the Motor Insurance sector to use Salesforce.

In Salesforce, let’s set the Company name as ‘ABC Motor Insurance’. This is the Org. To give access to this org, you need to create users for the company’s employees. You can even set password policies, login hours (suppose employees work in shifts and you don’t want to allow them to log in to the org after office hours), etc. In this way you are setting up the Org level access. Organization level access is created by maintaining a list of authorized users, setting password policies, and limiting login access to certain hours and certain locations.

As this is a motor insurance company, it has Branch offices, Zone headquarters, Area headquarters, etc. So, we will use the Account object to store office details. Now we can set who can access this object using object level access. This is done by setting permissions on a particular object, allowing selective viewing, editing or deleting of the records of that object.

In Account, there are various pieces of information such as Account Name, Account Type, Address, etc. We store this information in fields, and we can set field level access to define whether a user can view/edit/delete the information stored in the corresponding fields. This is called field level access. Field level access is used to restrict users’ access to certain fields even when the user has access to the object containing the field.

We now have an object and its corresponding fields. Now it’s time to create data using them. Suppose you create an Account record with the name ‘Pune Zone HQ’ and fill in all the information in fields like address, type, etc. Now you want to set various kinds of access on the account record: for example, you want a particular group of employees to see only some specific account records, and particular employees to be able to modify the Account details. This can be achieved using record level access. Record level access permits the user to access only certain records of an object.
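To show how the four layers combine, here is a small Python model of the ABC Motor Insurance example. It is an added illustration, not Salesforce code or part of the original talk: the `User` class, the user names, the 09:00 to 18:00 login window and the `owner`/`shared_with` keys are all assumptions made for the sketch.

```python
from dataclasses import dataclass
from datetime import time

@dataclass
class User:
    name: str
    active: bool          # org level: on the list of authorized users
    login_hours: tuple    # org level: (start, end) permitted login window
    object_perms: dict    # object level: {"Account": {"read", "edit"}}
    field_perms: dict     # field level: {("Account", "Name"): {"read"}}

# Constructed sample record; "owner"/"shared_with" stand in for record-level sharing.
PUNE_HQ = {
    "object": "Account",
    "fields": {"Name": "Pune Zone HQ", "Type": "Zone headquarter", "Address": "Pune"},
    "owner": "asha",
    "shared_with": {"ravi"},
}

def read_record(user, record, now):
    """Return the fields `user` may read; raise PermissionError naming the denying layer."""
    start, end = user.login_hours
    if not user.active or not (start <= now <= end):
        raise PermissionError("organization level")
    obj = record["object"]
    if "read" not in user.object_perms.get(obj, set()):
        raise PermissionError("object level")
    if user.name != record["owner"] and user.name not in record["shared_with"]:
        raise PermissionError("record level")
    # Field level does not block the record; it hides individual fields.
    return {f: v for f, v in record["fields"].items()
            if "read" in user.field_perms.get((obj, f), set())}

def denied_layer(user, record, now):
    """Return the name of the layer that denies access, or None if access is granted."""
    try:
        read_record(user, record, now)
        return None
    except PermissionError as exc:
        return str(exc)

# Constructed sample users, one per outcome.
OFFICE = (time(9, 0), time(18, 0))
ALL_FIELDS = {("Account", f): {"read"} for f in PUNE_HQ["fields"]}
asha = User("asha", True, OFFICE, {"Account": {"read", "edit"}}, ALL_FIELDS)
ravi = User("ravi", True, OFFICE, {"Account": {"read"}},
            {("Account", "Name"): {"read"}, ("Account", "Address"): {"read"}})
meera = User("meera", True, OFFICE, {"Account": {"read"}}, ALL_FIELDS)
kiran = User("kiran", True, OFFICE, {}, ALL_FIELDS)
```

In this model ravi can open the record but never sees the Type field, meera has object access but is stopped at the record level, and nobody gets in outside login hours.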

In our next talk, I will explain how to set organization level access in detail.

#HappyLearning 🙂