Salesforce is recognized as the world’s leading CRM (Client Relationship Management) provider. Salesforce is a cloud-based CRM that is used by organizations across the world. But when the security team hears the word ‘ cloud’ they seem to tense up, as things may go wrong if important data gets hacked. This is a valid concern as data security is an essential part of every business. But Salesforce provides a strong Security model to certify the security of each and every data of every organization.
Salesforce Data Security Model can be divided into four levels.
- Organization Level
- Objects Level
- Field Level
- Record Level
CloudVandana is giving a detailed description of each level.
1. Organizational Level Security
The security of the organizational level decides when and from where the users can access the files.
1. IP Restrictions- IP restrictions can be set for every user. Using trusted IP ranges, admins can restrict the access of the users. If the users attempt to log in outside of the range, they will be asked to complete two-factor authentication.
2. Login Access- Admins can set the limit of hours when users can log in depending on their profile.
3. Password Policies- Users can specify an amount of time before all users’ passwords expire and the level of complexity required for passwords. Admins can set the settings of password to expire for all the users in the organization except for users with ‘password never expires’ permission after specified days.
2. Object Level Security
1. Profile- Object-level security is controlled by a profile allocated to a particular user. Profile dominates objects that a user can see and work on these objects, this setup is called CRED (Create, Read, Edit, Delete)
2. Permission- Permission sets settings are used when additional permission is needed to provide the users who are already assigned a profile.
3. Field Level Security
Field level security only restricts access, this level of security cannot grant permission. For example, if the support profile has read and edit permissions on the contact object and read-only field-level permissions on a field in the contact object, then users are assigned to support the profile that will only have read access to that particular field.
4. Record Level Security
There are four different factors that control the security of the record level.
Organization-Wide Sharing Defaults:
The administrators will have full access to a record. Admins use organization-wide defaults to lock down data and then use the other record-level security and sharing tools to open up the data users who actually need the data. To regulate OWD (Organization-Wide Default) for the task, admins need to ask few questions about each object.
Users can access the data directly from the ‘hierarchy’. In this feature, users can view, edit or report data owned by or shared with them. If the ‘Grant Access Using Hierarchy’ option is not enabled, then only the record owner and users with granted permissions are allowed to access the data record. ‘Role Hierarchy’ gives vertical access to records.
Admins can use the sharing rules to expand sharing permission to users in public groups or roles. Sharing rules give horizontal access to records across your organization.
Manual sharing is used to handle exception cases where access to a specific record needs to be given to a specific user. Sharing button is provided on the records page for manual sharing.
This is the overview of Salesforce data security. To know more about the details of Salesforce data security, or any Salesforce-related queries, feel free to take a consultation call with CloudVandana.