Table of Contents
The easiest way to control data access in Salesforce would be to set permissions on a specific object type. We can restrict specific groups of Users from viewing, editing, creating, or deleting any record of that object.
Object permissions can be managed using either Profiles or Permission Sets.
- Use Profiles to grant the bare minimum access required by a particular group of Users. A User’s Profile determines what data the User can access and what they can do with it.
- Use Permission Sets to grant additional access or permissions.
Profiles and Permission Sets work in conjunction to protect your org data from unauthorized access. They provide a great deal of flexibility regarding object-level access in Salesforce.
Use Profiles to Restrict Access
Every User in Salesforce is assigned a single Profile which determines the data and features they can access within the org. A Profile is a combination of settings and permissions. The settings decide which data the User can view, and the permissions determine what the User can do with the data.
1. Standard Profiles
Salesforce includes a collection of standard profiles. Including, but not limited to :
- Chatter Free User
- Force.com – Free User
- Standard User
- System Administrator
Each standard Profile includes a set of default permissions that cannot be modified. To modify the permissions of a standard profile, we can create a clone of the standard Profile and make changes to the clone. And, voila, you have your custom profile based on your requirements.
2. Managing Profiles
Managing Profiles is child’s play once you get the hang of it. The Profile Overview page is where we can get started.
Open Setup, type Profiles in the Quick Find Box, and click Profiles. You should be directed to a page similar to this!
3. Create a Profile
The simplest way to go about when creating a new profile would be to clone an existing profile and then modify it.
Before we move forward, let’s enable the Enhanced Profile User Interface. The Enhanced Profile UI provides a streamlined experience for managing profiles. From Setup, enter User Management Settings in the Quick Find Box, then select User Management Settings. Enable Enhanced Profile User Interface.
- From Setup, type Profiles in the Quick Find Box, and click Profiles.
- Click Clone next to the Profile closest to the one you want to create.
- Give the new Profile a name, and click Save.
4. Assign a Profile
Let’s assign the Profile we created to a User that matches the Profile. Ensure that Enhanced Profile User Interface is enabled. It makes things way easier. Trust me on this.
- From Setup, type Users in the Quick Find Box, and click Users.
- Click edit next to the User you want to assign the Profile to.
- From the Profile dropdown menu, select the Profile you want to assign.
- Click Save.
Use Permission Sets to Grant Access
Why use Permission Sets to grant additional access when we can modify the custom profile to do the same? Permission Sets enable us to grant additional access without changing the Profile! Let me explain.
- Giving and taking away access is just a click away.
- A User has a single Profile but multiple Permission Sets.
- Granting temporary access to certain org data or objects is a cakewalk now.
- Permission sets are reusable.
1. Manage Permission Sets
Just as with the Profile Overview page, a Permission Set’s Overview page is the doorway for everything related to permission sets.
- Open Setup, type Permission Sets in the Quick Find Box and click Permission Sets.
- Click on the Permission Set you want to inspect, and you should be directed to a page similar to the one below.
2. Create a Permission Set
Creating a permission set to grant additional permission to our Users is relatively easy. Follow along to create a permission set.
- From Setup, type Permission Sets in the Quick Find Box, and click Permission Sets.
- Click Clone next to the permission set you want to create a copy of.
- Enter a Label and a Description.
- Click Save.
3. Assign a Permission Set
Let’s assign the permission set we just cloned to applicable Users in our org.
- Type Permission Sets in the Quick Find Box from Setup, and click Permission Sets.
- Click the Permission Set you want to assign.
- Click Manage Assignments.
- Click Add Assignments.
- Select all the Users you want to assign this permission set to, click Next, then click Assign.
- Click Done to view the current assignments for the permission set.