Salesforce Security control , Security Model

In Salesforce Security control is done by system level and Application Level Security. In this article we should able to get knowledge on security control in Salesforce.

Salesforce Security is of two types they are:

i.System Level Security.
ii.Application Level Security.


System Level Security.


Single Sign-On.
Federated Authentication.
Delegate Authentication.


Social Sign –On:

Sales force.
Janrain: provides 25+ different authentication users.

Application Level Security.

Object Level Security.
Field Level Security.
Record Level Security.

Salesforce Security : Object Level

This object level Salesforce Security is also called as “Object Level Permission”. In this section we can control the data. Object Level security is one of the level of the security in salesforce in which we provide or access controlled permission to the prescribed user. Object level security can have the following features.

We can prevent the user from editing, seeing, creating, deleting and managing a particular type of object.
We can hide the entire TAB from a user.

Object Level security can be done in the following Sections.

1.Permission Sets.

Permission Sets : In this Permission sets we define the access level of the user. Generally we determine what a user can do in the applications. These are used to grant additional permission to a user.

Profiles : In Object level Security, Profiles are assigned to the user by system administrator. A profile can be assigned to many users where as a user can have only one Profile.

Salesforce Security :- Field Level

Here we control the user to see, edit, delete of a particular field in the object. In some situation like if we want to grant access control over Object to a user but the user should not be able to access some particular fields in that objects then we go for Field Level Security.

Field Level Security can be controlled by Profiles and Permission sets.

Salesforce Security :- Profile Level

= > Profiles.
Profile which controls below Permissions.
Page Layouts.
IP Ranges.
Login Hours.
Client Access.

= > Permission sets.
Permission sets which gives below functional access.
App Permissions.
Record Types.
Tab Settings.
Assigned Apps.
Object Permissions.
Field Level Security.
Apex Classes
Visual Force Pages

Salesforce Security :- Record Level .

After setting Object and Field Level Security the situation may arise like if a user is eligible to access a particular Record in a Object there we use this sharing method . This can be done by the following settings.

Org Wide Defaults.
Role Hierarchy.
Sharing Rules.
Manual Sharing.
Criteria Based sharing.

Organization-wide-Level Security

Determining Organization wide Defaults is the first step in record level security. This is the most restrictive level of locking the data to a user. Here if we give Read-Only accessibility to a user then the user is only made to Read to a particular Record.

Role Hierarchy.

After setting Organization wide default setting next step is to make settings in Role Hierarchy. Here we can give wider access to a record s with role Hierarchy. In Role Hierarchy we create Role Hierarchies for a organization.

Sharing Rules.

Sharing Rules makes automatic exceptions to organization wide defaults settings for particular users in an organization. Sharing rules can be done by manual sharing, criteria based sharing and Apex managed sharing.

Declarative Features of Record level security.

What objects can I access?
What page layouts can I See?
What fields can I Access?
Which tabs can I view?
Which records types can I see?
Which Apex classes are accessible for me?
Which Visualforce pages can I access?

​Manual Sharing:

Manual Sharing is sharing a single record to single user or group of users.
We can see this button detail page of the record and this is visible only when OWD setting is private.

​Criteria Based Sharing rules:
If we want to share records based on condition like share records to group of users
Whose criteria are country is India.
Setup -> security controls -> sharing settings -> select the object and provide name and
Conditions and save.

Apex sharing:

Share object is available for every object(For Account object share object is AccountShare ). If we want to share the records using apex we have to create a record to the share object.


Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Please check your mail for confirmation.

Leave a Comment

Your email address will not be published. Required fields are marked *

Select Language »