Introduction to Salesforce Security Model

Introduction to Salesforce Security Model – A Complete Beginner Guide

Salesforce is a powerful CRM platform used by thousands of businesses. One of the key reasons for its success is its robust security model that ensures data is safe, secure, and only visible to the right users.

In this guide, you'll learn everything about the Salesforce Security Model, step by step.


💡 What is the Salesforce Security Model?

The Salesforce Security Model is the framework that controls:

  • Who can access the system

  • What data they can see

  • What actions they can perform

The model is flexible, layered, and ensures data is protected at every level.


🔑 Types of Security in Salesforce

Salesforce provides two main types of security:

1. System Level Security

Controls access to Salesforce as a platform.

2. Data Level Security

Controls access to data (records, fields, objects).

Let’s understand both.


⚙️ System Level Security

🔹 1. Login Access

  • IP Restrictions: Limit user logins to trusted IP ranges.

  • Login Hours: Set working hours for users.

🔹 2. Password Policies

  • Set rules for password length, complexity, and expiration.

🔹 3. Two-Factor Authentication (2FA)

  • Adds an extra layer of security by requiring a code during login.


📊 Data Level Security

Salesforce gives fine-grained control using:

  1. Object-level security

  2. Field-level security

  3. Record-level security


1. Object-Level Security

This controls which types of records (such as Accounts, Contacts, and Opportunities) a user can create, read, edit, or delete.

✅ Managed through:

  • Profiles

  • Permission Sets


📋 2. Field-Level Security

Controls which fields within a record a user can see or edit.

🔧 Example:

  • A user can access the Contact record but not see the “Phone Number” field.

✅ Set via:

  • Field-Level Security in Profiles

  • Permission Sets


📄 3. Record-Level Security

Controls which specific records a user can access.

Salesforce uses several tools to manage this:


πŸ—️ Record-Level Access Tools

1. Organization-Wide Defaults (OWD)

Defines the default access for records.

Options:

  • Private (most restrictive)

  • Public Read Only

  • Public Read/Write

  • Controlled by Parent

Example:
If the OWD for Account is Private, users can see only the records they own, unless a record is shared with them.


2. Role Hierarchy

Extends record access upward through the role hierarchy.

📌 Example:

  • A manager can see records owned by their team.

  • Users higher in the role hierarchy inherit access.


3. Sharing Rules

Grants additional access to groups of users.

You can:

  • Share records based on criteria (Criteria-Based Sharing)

  • Share between roles (Role-Based Sharing)

Example:
Share all “High Priority” cases with the Support Manager role.


4. Manual Sharing

Lets users manually share their records with others.

Best for:

  • One-off sharing needs

  • User-controlled access


5. Teams (Account/Opportunity/Case Teams)

Lets multiple users collaborate on the same record with different access levels.

Example:

  • Sales Rep: Read/Write

  • Sales Assistant: Read Only


6. Apex Sharing

A programmatic way to share records using Apex code.

Useful when:

  • Complex logic is needed

  • Standard sharing rules aren’t enough


👥 Profiles and Permission Sets – What's the Difference?

| Feature | Profile | Permission Set |
|---|---|---|
| Purpose | Base access | Additional access |
| Users | One profile per user | Multiple permission sets allowed |
| Example | Sales Profile | “Edit Reports” permission set |

Summary of Key Security Tools

| Tool | Controls | Level |
|---|---|---|
| Login IP/Hours | Login access | System |
| Profiles | Object & field access | Data |
| Permission Sets | Additional access | Data |
| OWD | Record access defaults | Record |
| Role Hierarchy | Upward access | Record |
| Sharing Rules | Group-level access | Record |
| Manual Sharing | One-off access | Record |
| Apex Sharing | Code-based access | Record |
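
The layers summarized above combine into a single access decision, which the following added example models in Python; it is not Salesforce code and not code from the original post. The names (`Org`, `record_access`, the sample users and cases) are hypothetical, "Controlled by Parent", teams and Apex sharing are left out, and the role hierarchy is assumed to grant Edit.

```python
# Added illustration: a simplified model of record access, not Salesforce code.
from dataclasses import dataclass, field

LEVELS = {"None": 0, "Read": 1, "Edit": 2}
OWD_BASELINE = {"Private": "None", "Public Read Only": "Read", "Public Read/Write": "Edit"}

@dataclass
class Org:
    owd: dict           # object -> organization-wide default
    role_parent: dict   # role -> parent role (None at the top)
    user_role: dict     # user -> role
    object_perms: dict  # user -> {object: {"Read", "Edit"}} from profile + permission sets
    sharing_rules: list = field(default_factory=list)  # (object, criteria, role, level)
    manual_shares: dict = field(default_factory=dict)  # (record id, user) -> level

    def is_above(self, user, owner):  # is user's role an ancestor of the owner's role?
        role = self.role_parent.get(self.user_role[owner])
        while role is not None:
            if role == self.user_role[user]:
                return True
            role = self.role_parent.get(role)
        return False

    def record_access(self, user, rec):
        perms = self.object_perms.get(user, {}).get(rec["object"], set())
        if "Read" not in perms:  # object-level security gates everything else
            return "None"
        grants = [OWD_BASELINE[self.owd[rec["object"]]]]  # start from the OWD baseline
        if user == rec["owner"] or self.is_above(user, rec["owner"]):
            grants.append("Edit")
        for obj, criteria, role, level in self.sharing_rules:
            if obj == rec["object"] and role == self.user_role[user] and criteria(rec):
                grants.append(level)
        grants.append(self.manual_shares.get((rec["id"], user), "None"))
        best = max(grants, key=LEVELS.get)  # sharing only ever opens access up
        return "Read" if best == "Edit" and "Edit" not in perms else best

# Constructed sample org: Case OWD is Private, then access is opened as needed.
FULL = {"Case": {"Read", "Edit"}}
ORG = Org(
    owd={"Case": "Private"},
    role_parent={"CEO": None, "Support Manager": "CEO", "Support Agent": "Support Manager", "Sales Rep": "CEO"},
    user_role={"ann": "Support Agent", "bob": "Support Agent", "mia": "Support Manager", "sam": "Sales Rep"},
    object_perms={"ann": FULL, "mia": FULL, "sam": FULL, "bob": {"Case": {"Read"}}},
    sharing_rules=[("Case", lambda r: r["priority"] == "High", "Support Manager", "Read")],
    manual_shares={("c1", "bob"): "Edit"},
)
C1 = {"id": "c1", "object": "Case", "owner": "ann", "priority": "Low"}
C2 = {"id": "c2", "object": "Case", "owner": "sam", "priority": "High"}
```

In this sample, `bob` receives a manual Edit share on `c1` but ends up with Read, because his object permissions on Case do not include Edit; `mia` reaches `c2` only through the "High Priority" sharing rule.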

✅ Best Practices for Salesforce Security

  • Always use least privilege (give only required access)

  • Regularly review roles and permissions

  • Use permission sets for flexibility

  • Enable 2FA for sensitive users

  • Avoid making everything public

  • Keep your OWD Private, then open access as needed


🎯 Final Words

The Salesforce Security Model is layered and flexible, ensuring that your organization’s data is well protected. By using the right combination of:

  • Profiles

  • Roles

  • Permission Sets

  • Sharing Rules

… you can keep your CRM secure and efficient.

