Data Security Flashcards
Manage Users
Every Salesforce user is identified by a username, a password, and a single profile. Together with other settings, the profile determines what tasks users can perform, what data they see, and what they can do with the data.
Manage Object Permissions
The simplest way to control data access is to set permissions on a particular type of object.
ou can set object permissions with profiles or permission sets. A user can have one profile and many permission sets.
A user’s profile determines the objects they can access and the things they can do with any object record (such as create, read, edit, or delete).
Permission sets grant additional permissions and access settings to a user.
Profiles to Restrict Access
Each user has a single profile that controls which data and features that user has access to. A profile is a collection of settings and permissions. Profile settings determine which data the user can see, and permissions determine what the user can do with that data.
Standard Profiles
The platform includes a set of standard profiles. Some examples are:
Read Only
Standard User
Marketing User
Contract Manager
System Administrator
Each standard profile includes a default set of permissions for all standard objects available on the platform.
You can’t edit the object permissions on a standard profile.
using permission sets for two general purposes
Grant access to custom objects or apps.
Grant permissions to specific fields.
simplest way to control data access
is to set permissions on a particular type of object.
A user’s profile determines
the objects they can access and the things they can do with any object record (such as create, read, edit, or delete).
Profiles to Restrict Access
Each user has a single profile that controls which data and features that user has access to. A profile is a collection of settings and permissions. Profile settings determine which data the user can see, and permissions determine what the user can do with that data.
Permission Sets
A permission set is a collection of settings and permissions that give users access to various tools and functions. The settings and permissions in permission sets are also found in profiles, but permission sets extend users’ functional access without changing their profiles.
Managing Permission Sets
A permission set’s overview page is the entry point for all of the permissions in a permission set. To open a permission set overview page, find Permission Sets in Setup, then select the permission set you want to view. In each permission set, permissions and settings are organized into app settings, system settings, object permissions, and field permissions
Record-Level Security
Record access determines which individual records users can view and edit in each object they have access to in their profile.
Basis of visibility and access for any type of data
A user’s baseline permissions on any object are determined by their profile.
If the user has any permission sets assigned, these also set the baseline permissions in conjunction with the profile.
Access to records a user does not own are set first by the org-wide defaults.
If the org-wide defaults are anything less than Public Read/Write, you can open access back up for certain roles using the role hierarchy.
You can use sharing rules to expand access to additional groups of users.
Each record owner can manually share individual records with other users by using the Share button on the record.
Org-Wide Sharing
Org-wide defaults specify the baseline level of access that the most restricted user should have.
sharing rule components
Share which records?
With which users?
What kind of access?
Share which records
Criteria-based sharing rules determine what records to share based on field values other than ownership.