Salesforce Record Level Security

Salesforce's record-level security lets users access only certain records of an object. Every record belongs to a user (its owner), who has complete control over it. In a role hierarchy, the users at the top always have access to the same records as the users below them. Users also have access to records that have been shared with them. To define record-level security, set your OWD (Org Wide Default) sharing settings and construct a role hierarchy before creating sharing rules. We can easily adjust profile and permission settings in a Salesforce Org using roles. The profile and permissions control a user's object-level and field-level access. Roles govern the user's record-level security through the role hierarchy and sharing rules. Let us start learning record-level security in Salesforce.

What is Role?

A role defines the data access level of a single user or a group of users. Apart from the OWD (Org Wide Default) settings, the role ensures that senior-level users have the same level of access to data as the juniors.

How to create a Role?

Steps to create a Role:

Log in to Salesforce Org → Setup → Administer → Manage Users → Roles → Set Up Roles → COO → Assign.

Create role

 Role in Salesforce


The “Organisation's Role Hierarchy” tree structure is depicted in the diagram below. You can look at the "Default Hierarchy Setup by Salesforce" if you select "Expand All." Following that, we must assign the roles to the user at the appropriate level.

Creating a Role Hierarchy


Consider the following scenario: we have two users, one in a senior position and the other in a junior position. We will give the senior-level user all of the access that the junior has, so that we can fully understand how the hierarchy controls access to records.

At the “COO-level,” User-1 is added. Go to the next screen by clicking “Assign” next to the COO level. You can now see all available users in the organization by clicking on "Available Users Search" and setting it to "All Users". Select the User and assign User-1, then click the Add button. The User will instantly shift to the right column. Then, as seen in the image below, save it.

Role created in Salesforce


To view the user assigned to the COO level, click on it.

COO-level in Role


How do I create User-2 for the newly created Role?

User-2 should be created in the Role:

Log in to Salesforce Org → Setup → Administer → Manage Users → Roles → Set Up Roles → COO → Add Role.

Create User-2 in the Role section.

To add a junior level, click the "Add Role" button under the "COO Level". Fill in the details and click Save.


The Role has now been created, but no one has been assigned to it. Let's add User-2. Select "Assign User to Role," then "Available Users Search," and then "All Users." You may now see all of the organization's available users. When you select a User and click the Add button, the User is automatically moved to the right column. Save it as indicated in the illustration below.

Create User-2 in the Role section.


The user is created

Now go to the user level and browse through the access levels. The user has access to all of the senior's records and has the ability to edit, create, and delete them.

User-created in Role security


In a unique situation, the senior individual will be unable to view the records of the junior employee.

Log in to Salesforce Org → Setup → Administer → Security Controls → Sharing Settings → Manage sharing settings for: Application (e.g., Job Form) → Organization-Wide Defaults → Edit → Application (e.g., Job Form) → Private (checkbox) option: uncheck.

User-created in Role security

What exactly is the Sharing Rule?

Sharing rules allow you to automatically apply exceptions to Org-wide sharing policies for a group of users, giving them access to records they don't own or cannot otherwise view. Sharing rules are used to give the user more access to the data than the OWD settings, and they are not as rigid as the OWD settings.

How to create a Sharing Rule?

Steps to create Sharing Rule:

Log in to Salesforce Org → Setup → Administer → Security Controls → Sharing Settings → Sharing Rules → New.

Steps to create Sharing Rule

There are five steps to complete on the screen below.

Steps for Creating Sharing Rule


Types of Rules:

A sharing rule can be created in the following ways:

  • Based on the owner of the record (for example, records whose owner holds the XYZ role are shared with holders of the ABC role).
  • Criteria-based (for example, records are shared with the desired person when they match the given criteria).

What is Manual Sharing?

In some cases, it is not possible to grant a group of users access to specific records through the automated mechanisms. In this case, only the owner of the record can manually share access with the user. Unlike sharing settings, sharing rules, and roles, manual sharing is not automated. It lets the owner share individual records with people who don't otherwise have access to them.

How to create a Manual Sharing?

Steps to create Manual Sharing:

Log in to Salesforce Org → select the required object → New Entry → after saving, the "Sharing" button is enabled → Add → select Users from the list → select the necessary user → Save. The figure below shows each step in detail.

Steps to create Manual Sharing

What is a Public group?

  • A public group is used when we wish to share a record with a group of people so they can read and write it.
  • After sharing, the owner of the records remains the same.
  • It is not necessary to provide the names of the objects.

Steps to create a Public Group (PG):

Setup → Administer → Manage Users → Public Groups → New.

Fill in the required fields on the screen and select "Grant Access Using Hierarchies" according to your needs. In the search menu, select the needed category (e.g., Users) and then the users to assign to the public group (e.g., Appointment PG). The steps are depicted in the diagram below.

Steps to create a Public Group


The following are the steps for using the public group that has been created:

Setup → Administer → Security Controls → Sharing Settings → select the required object → create a new sharing rule → complete the 5 steps in the sharing rule → Save.

Step-by-step instructions are shown in the illustration below:

Public Group created


What is Queue?

A queue is used when we want to share a record with a group of users so that they can read and write the record.

The owner is changed: the queue members become the new, combined owner.

The object names must be specified.
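How the mechanisms described so far combine, as an added example that is not Salesforce code and not part of the original tutorial: a simplified Python model in which the OWD sets the baseline and ownership, the role hierarchy, owner-based sharing rules, manual shares, public groups and queues can only widen it. The "Junior" and "Recruiter" roles, User-3, and all function names are assumptions made for the illustration, and users above the owner in the hierarchy are modeled as getting the owner's full access.

```python
# Simplified model of record-level access (illustrative only, not Salesforce code).
LEVELS = {"None": 0, "Read": 1, "Read/Write": 2, "Full": 3}
OWD = {"Private": "None", "Public Read Only": "Read", "Public Read/Write": "Read/Write"}

# Constructed sample org; role "Junior", role "Recruiter" and User-3 are assumed names.
ROLE_PARENT = {"COO": None, "Junior": "COO", "Recruiter": None}   # child -> parent
USER_ROLE = {"User-1": "COO", "User-2": "Junior", "User-3": "Recruiter"}
GROUPS = {"Appointment PG": {"User-3"}, "Appointment Queue": {"User-2", "User-3"}}

def roles_above(role):
    """Yield every role above `role` in the role hierarchy."""
    while (role := ROLE_PARENT.get(role)) is not None:
        yield role

def effective_access(user, record, owd, use_hierarchy=True, sharing_rules=()):
    """Return the most permissive level any mechanism grants `user` on `record`."""
    owner = record["owner"]
    owners = GROUPS.get(owner, {owner})      # a queue owner means its members own it
    grants = [OWD[owd]]                      # org-wide default: baseline for everyone
    if user in owners:
        grants.append("Full")
    # Role hierarchy ("Grant Access Using Hierarchies"): roles above an owner inherit.
    if use_hierarchy and any(
            USER_ROLE[user] in roles_above(USER_ROLE[o]) for o in owners):
        grants.append("Full")
    # Owner-based sharing rules: (role of record owner, role or group shared with, level).
    for owner_role, shared_with, level in sharing_rules:
        from_owner = any(USER_ROLE[o] == owner_role for o in owners)
        to_user = user in GROUPS.get(shared_with, ()) or USER_ROLE[user] == shared_with
        if from_owner and to_user:
            grants.append(level)
    # Manual shares set by the owner on this one record: {user or group: level}.
    for grantee, level in record.get("manual_shares", {}).items():
        if user == grantee or user in GROUPS.get(grantee, ()):
            grants.append(level)
    return max(grants, key=LEVELS.__getitem__)   # sharing widens access, never narrows

# Constructed sample data: a Job Form record owned by the junior user.
job_form = {"owner": "User-2", "manual_shares": {}}
RULE = [("Junior", "Appointment PG", "Read")]

if __name__ == "__main__":
    for u in USER_ROLE:
        print(u, effective_access(u, job_form, "Private", sharing_rules=RULE))
```

With a Private OWD this makes it easy to see which grant gives a user access; it does not model profile or permission-set checks, which still apply on top.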

How to create a Queue?

Steps to create a Queue:

Setup → Administer → Manage Users → Queue → New.

Fill in the needed fields on the screen, then tick the box that says "Send Email To Members" if necessary.

Then, choose the required "Object" and add it.

After that, go to Queue Members and choose the necessary users from the list before saving.

The steps are depicted in the illustration below.

Steps to create Queue



How can a Queue be used?

Steps for using the Queue created:

Select "JobForms" → select a record from the list → select "Change" in the Owner field → select "Queue" as the owner from the dropdown list → click the "Magnifying Glass" → select the queue created (e.g., Appointment Queue) → Save.

The following illustration depicts the technique in deta

Steps to use the Queue



Thus, by reading this blog, we have learned the concepts of record-level security along with the implementation steps, covering the role, sharing rule, manual sharing, public group, and queue.


Saritha Reddy
Research Analyst
A technical lead content writer at HKR Trainings with expertise in delivering content on in-demand technologies like Networking, Storage & Virtualization, Cyber Security & SIEM Tools, Server Administration, Operating System & Administration, IAM Tools, Cloud Computing, etc. She does a great job in creating wonderful content for the users and always keeps updated with the latest trends in the market. To know more, connect with her on LinkedIn, Twitter, and Facebook.