Security Model In Salesforce: Data Security- 1

As mentioned in previous post(Security Model In Salesforce: Overview) that Salesforce classify Data security in 3 parts :

  1. Object/Profile Level security
  2. Record Level Security
  3. Field Level Security

We will talk about Object/Profile Level security in this article. Thus, in case of Object level security there are 2 different things which can be used to give or restrict access for the different users in a Salesforce Org which are:

1. Profiles
2. Custom Permission sets
Profiles provides basic Object level security in SFDC. It also defines access to Fields, tabs etc. We can also assign different page layouts to different profiles for all objects. We can also provide field level security in profiles.
A new profile can only be created by cloning the Existing profiles in Salesforce and then updating the permissions for different Object accordingly.

Below are the different things can be controlled by profiles in SFDC :

1. Page Layouts.
2. VisualForce Pages.
3. IP Ranges.
4. Flow Accoess.
5. Login Hours.
6. Desktop.
7. Client Access.
8. Apex Class.
9. Record Type Settings.

Custom Permission sets can provide additional set of  access to the Users in SFDC. we can only have 1 Profile per user and multiple users can have same profile but we can assign multiple permission sets to the 1 User only. Permission sets cannot restrict/reduce the access level of the user it can only grant additional access.

Learn More: Security Model In Salesforce: Overview