Salesforce's record-level security restricts users to only certain records of an object. Every record is owned by a user, and the owner has complete control over it. In a role hierarchy, the users at the top always have access to the same records as the users below them. Users also have access to records that have been shared with them. To define record-level security, set your OWD (Org Wide Default) sharing settings and construct a role hierarchy before creating sharing rules. We can easily adjust profile and permission settings in a Salesforce Org using roles. A user's object-level and field-level access is controlled by the profile and permissions. The roles govern the user's record-level security through the role hierarchy and sharing rules. Let us start learning record-level security in Salesforce.
A role defines the data access level of a single user or a group of users. The role ensures that senior-level users have the same level of access to data as their juniors, other than the OWD (Org Wide Default) settings.
Log in to Salesforce Org → Setup → Administer → Manage Users → Roles → Set Up Roles → COO → Assign.
Role in Salesforce
The “Organisation's Role Hierarchy” tree structure is depicted in the diagram below. You can look at the "Default Hierarchy Setup by Salesforce" if you select "Expand All." Following that, we must assign the roles to the user at the appropriate level.
Creating a Role Hierarchy
Consider the following scenario: we have two users, one for a senior position and the other for a junior position. We will provide all of the access that a junior has to the senior-level user so that we can fully comprehend the hierarchy of access to the records.
At the “COO-level,” User-1 is added. Go to the next screen by clicking “Assign” next to the COO level. You can now see all available users in the organization by clicking on "Available Users Search" and setting it to "All Users". Select the User and assign User-1, then click the Add button. The User will instantly shift to the right column. Then, as seen in the image below, save it.
To view the user assigned to the COO level, click on it.
COO-level in Role
Log in to Salesforce Org → Setup → Administer → Manage Users → Roles → Set Up Roles → COO → Add Role.
Create User-2 in the Role section.
To add a junior level, click the "Add Role" button under the "COO Level". Fill in the details and click Save.
The Role has now been created, but no one has been assigned to it. Let's add User-2. Select "Assign User to Role," then "Available Users Search," and then "All Users." You may now see all of the organization's available users. When you select a User and click the Add button, the User is automatically moved to the right column. Save it as indicated in the illustration below.
The user is created
Now go to the user level and browse through the access levels. The user has access to all of the senior's records and has the ability to edit, create, and delete them.
In a unique situation, the senior individual will be unable to view the records of the junior employee.
Log in to Salesforce Org → Setup → Administer → Security Controls → Sharing Settings → Manage sharing settings for - Application (e.g., Naukri.com Job Form) → Organization-Wide Defaults → Edit → Application (e.g., Naukri.com Job Form) → Private (checkbox) option - uncheck.
User-created in Role security
Sharing rules let you automatically apply exceptions to the Org-wide sharing settings for a group of users, giving them access to records they don't own or can't normally view. Sharing rules are used to give users more access to the data than the OWD settings allow, and they are not as rigid as the OWD settings.
Steps to create Sharing Rule:
Log in to Salesforce Org → Setup → Administer → Security Controls → Sharing Settings → Sharing Rules → New.
There are five steps to complete on the screen below.
Steps for Creating Sharing Rule
A sharing rule is created in one of two ways:
Based on the record owner (for example, records whose owner holds the XYZ role are shared with holders of the ABC role).
(or)
Criteria-based (for example, records are shared with the desired users based on field criteria).
In some cases, it is not possible to grant a group of users access to specific records through rules. Only the owner of the record can then manually share access with the user. Unlike sharing settings, sharing rules, and roles, manual sharing is not automated. It lets the owner of a record share it with people who don't otherwise have access to it.
Steps to create Manual Sharing:
Log in to Salesforce Org → Select the required object → New Entry → After Save, the “Sharing” button is enabled → Add → Select users from the list → Select the necessary user → Save. The figure below shows each step in detail.
Steps to create a Public Group (PG):
Setup → Administer → Manage Users → Public Groups → New.
Fill in the required fields on the screen and select “Grant Access Using Hierarchies” according to your needs. In the search menu, select the needed type (e.g., Users) and then the users to assign to the public group (e.g., Appointment PG). The steps are depicted in the diagram below.
Steps to create a Public Group
Setup → Administer → Security Controls → Sharing Settings → Select the required object → Create a new sharing rule → Continue through the 5 steps in the sharing rule → Save.
Step-by-step instructions are shown in the illustration below:
Public Group created
A queue is used when we want to share a record with a group of users so that they can read/write the record.
The owner of the record is changed to the queue, and the queue members become the new, combined owner.
The object names that the queue applies to must be specified.
Steps to create Queue:
Setup → Administer → Manage Users → Queue → New.
Fill in the needed fields on the screen, then tick the box that says "Send Email To Members" if necessary.
Then, choose the required "Object" and add it.
After that, go to Queue Members and choose the necessary users from the list before saving.
The steps are depicted in the illustration below.
Steps for using the Queue created:
Select “Naukri.com JobForms” → Select a record from the list → Select “Change” next to the Owner field → Select “Queue” as the owner type from the dropdown list → Click the magnifying glass and select the queue you created (e.g., Appointment Queue) → Save.
The following illustration depicts the technique in deta
Steps to use the Queue
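The sketch below is an added example, not Salesforce code and not part of the original article: a simplified Python model of how the mechanisms covered above (OWD, role hierarchy, sharing rules, manual sharing and queues) combine into one access decision for a record. The `Org` class, its field names and the record ID `JF-001` are assumptions made for illustration; the user, group and queue names reuse the article's examples.

```python
from dataclasses import dataclass, field
RANK = {"None": 0, "Read": 1, "Edit": 2, "All": 3}

@dataclass
class Org:
    """Simplified model of one object's sharing configuration (illustrative only)."""
    owd: str = "None"                 # "None" models a Private OWD; "Read"/"Edit" are public
    hierarchy_access: bool = True     # the "Grant Access Using Hierarchies" checkbox
    role_parent: dict = field(default_factory=dict)    # role -> role directly above it
    user_role: dict = field(default_factory=dict)      # user -> role
    groups: dict = field(default_factory=dict)         # public group or queue -> set of users
    sharing_rules: list = field(default_factory=list)  # (owner_role, shared_with_group, level)
    manual_shares: list = field(default_factory=list)  # (record_id, user, level)

    def is_above(self, senior, junior):
        """True when senior's role is an ancestor of junior's role."""
        target = self.user_role.get(senior)
        role = self.role_parent.get(self.user_role.get(junior))
        while role is not None:
            if role == target:
                return True
            role = self.role_parent.get(role)
        return False

    def access(self, user, record_id, owner):
        """Return (level, reason); every mechanism only widens the OWD baseline."""
        owners = self.groups.get(owner, {owner})   # a queue owner stands for its members
        grants = [(self.owd, "OWD")]
        if user in owners:
            grants.append(("All", "owner"))
        if self.hierarchy_access and any(self.is_above(user, o) for o in owners):
            grants.append(("All", "role hierarchy"))
        for owner_role, group, level in self.sharing_rules:
            if self.user_role.get(owner) == owner_role and user in self.groups.get(group, ()):
                grants.append((level, "sharing rule"))
        for rec, grantee, level in self.manual_shares:
            if rec == record_id and grantee == user:
                grants.append((level, "manual share"))
        return max(grants, key=lambda g: RANK[g[0]])

def demo_org():
    # Constructed sample org: User-1 is COO, User-2 holds a junior role below COO.
    return Org(
        role_parent={"Junior": "COO"},
        user_role={"User-1": "COO", "User-2": "Junior"},
        groups={"Appointment PG": {"User-4"}, "Appointment Queue": {"User-5"}},
        sharing_rules=[("Junior", "Appointment PG", "Edit")],
        manual_shares=[("JF-001", "User-3", "Read")],
    )
```

Calling `demo_org().access("User-1", "JF-001", "User-2")` shows the senior user reaching the junior's record through the role hierarchy; setting `hierarchy_access = False` on the same org drops that user back to the Private baseline.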
Thus by reading this blog, we have learned the concepts of record level security with implementation steps which include the role, sharing rule, manual sharing, public group, and queue.