- Salesforce Blogs -

The Security model in Salesforce - What Do You Need To Know?


To properly give security demonstrate that fulfills all the unique and real-life business issues, Salesforce gives an exhaustive and flexible information security model to verify data at very surprising dimensions. Salesforce also gives sharing tools to open up and enable secure access to information supported business needs. In this blog, we shall discuss the security model in Salesforce along with the Salesforce security model diagram and Salesforce security model best practices. For a better understanding, we have divided the blog into the following sections-

Overview of Security model in Salesforce

Let’s start with a general overview and talk about what is the security model in Salesforce. Salesforce limits information presentation to keep up the security on different dimensions. Salesforce makes verification of users to maintain a strategic distance from information access by unapproved users. For a user validation, Salesforce assembles a mix of verification techniques that are reasonable for hierarchical need just as the users need. It might incorporate Password, Two-Factor Authentication, Network-based security, Session security and so forth.

Salesforce possesses the ability to declare different sharing tenets for various dimensions.

Levels of Data Access in Salesforce

You can control which users approach which information in your entire organization, a particular article, a particular field, or an individual record.

Levels of Data Access in Salesforce

  • Organization: For your entire organization, you can keep up a list of approved users, set password approaches, and limit logins to specific hours and/or areas.
  • Objects: Access to object-level information is the most straightforward thing to control. By setting consents on a specific sort of item, you can keep a gathering of users from creating, viewing, altering, or erasing any records of that object. For instance, you can utilize object authorizations to guarantee that interviewers can see positions and employment applications however not alter or erase them.
  • Fields: You can confine access to specific fields, regardless of whether a client approaches the item. For instance, you can make the compensation field in a position object imperceptible to interviewers however visible to procuring supervisors and enrolment specialists.
  • Records: You can enable specific users to see an item, yet then limit the individual article records that they're permitted to see. For instance, an interviewer can see and alter her own surveys, yet not the audits of different interviewers. You can oversee record-level access in these four different ways.
  • Organization-wide defaults indicate the default dimension of access users have to every others' records. You use organization-wide sharing settings to secure your information to the most prohibitive dimension, and afterward utilize the other record-level security and sharing instruments to specifically offer access to different users.
  • Role hierarchies give access for users who are higher in the chain of command to all records possessed by users who are underneath them in the organizational order. Job progressive systems don't need to coordinate your association outline precisely. Rather, every job in the progression ought to speak to a dimension of information access that a user or a team of users needs.
  • Sharing rules are programmed special cases to association-wide defaults for specific gatherings of users, so they can get to records they don't claim or can't ordinarily observe. Sharing rules, similar to job orders, are just used to give extra users access to records. They can't be stricter than your association-wide default setting.
  • Manual sharing enables proprietors of specific records to impart them to different users. Albeit manual sharing isn't mechanized like organization-wide sharing settings, job orders, or sharing tenets, it tends to be helpful in a few circumstances, for example, when an enrolment specialist who is taking some time off has to assign his records to some other person so that the workflow is not disturbed.

Now that we know what is the security model in Salesforce and the levels of data access, let’s move ahead and discuss how it works.

Salesforce Training For Administrators & Developers

Read: What is Standard Controller in Salesforce?
  • No cost for a Demo Class
  • Industry Expert as your Trainer
  • Available as per your schedule
  • Customer Support Available

How Data Security in Salesforce Works?

Working up of the Salesforce Data security is separated into layers specifically, which is shown in the Salesforce security model diagram below. We will discuss them in detail along with Salesforce security model best practices-

How Data Security in Salesforce Works? 

In order to understand this Salesforce security model diagram, let us assume a specific scenario. Jenny is a working lady. She is an accomplished pioneer who has joined the XYZ association recently. She additionally has extensive experience with marketing and she reports specifically to the CEO of the organization.

Object Level of Security Model in Salesforce

In Salesforce, profiles control access to the object level and field-level security among elective things like applications, tabs, etc.

Since Jenny is a new recruit, the partner administrator needs to add Jenny to the worthy profile that has access to the sales applications and related items to begin giving her access to the Salesforce information. Object-level-security

Permission sets in Object Level

Since Jenny includes a marketing foundation, suppose she needs to get to the campaign object to help with advertising. Be that as it may, since she is as of now an essential constituent of the business profile, on the off chance that an administrator includes CRUD (Create, Read, Update, and Delete) to Campaigns, at that point everybody inside the profile can get to Campaigns. The administrator needs to allow authorization to get to Campaigns just to Jenny. this is the place consent sets come in. Consent sets are utilized to give further (typically unique) authorizations to users who are now in a profile. For our situation, an administrator needs to deliver an authorization set that gives access to the Campaigns object and allocate that consent set to Jenny. Salesforce Data Security permission

Read: How To Create a Custom Object TABS In Salesforce.Com?

Field-level Security Model in Salesforce

Regardless of whether Jenny has the opportunity to get to every one of the things, it's not adequate for her, despite everything she needs access to singular fields of each item. In Salesforce, profiles likewise control field-level access. An administrator will give examine and compose consents to singular fields. an administrator can likewise set a field to cover up, completely concealing the field to that client. Aside from the access level of the field, Salesforce permits field-level security by setting some field properties as given below:

  1. Unique property: If this property is checked then salesforce keeps that field from duplicates.
  2. External ID (Considered in Data Management: An outer ID field contains record identifiers from a framework outside of Salesforce. For each item in salesforce can have custom fields, we can set up auto-number, email, number, or content fields as outside IDs.
  3. Required property: This property makes the field required everywhere in Salesforce. This property isn't accessible for outside objects.

Record-Level Security Model in Salesforce

With basically object-level access and field-level access, Jenny can exclusively get to records that she possesses (that is, records made by her). Be that as it may, on the off chance that you take a gander at the association structure, she reports to marc (CEO) and has 2 deals reps (Wendy and Bob) reporting to her.

Salesforce enables you to impart your records to others setting authorizations like Full access, Read/Write, Read just and private access. In Full access client can alter, erase, exchange and view the record. The client can even stretch out sharing access to different users. In reading/Write get to the client can perform just Read or compose activities on record. In reading, just mode clients can just view the record. In private mode, the record isn't imparted to some other client.

  1. Describe OWD (Organization-Wide Default): Organization-wide sharing settings determine the default dimension of access to records and can be set independently for contacts, contacts, accounts, exercises, resources, battles, cases, drives, openings, requests, and custom objects.
  2. Record sharing using Roll-Hierarchy:

We can characterize a client's job chain of importance that can be used with sharing settings to decide the dimensions of access that users have for the information. These jobs inside the chain of importance influence access on key segments, for example, records and reports. 

Salesforce Record Level Data Security

Organization-wide sharing defaults In Salesforce, records have a field known as "OwnerId" that focuses on a genuine client. proprietors of records are ordinary individuals who made the record and have full CRUD access to it. Salesforce gives elective manners by which to consequently dole out proprietorship to users and to exchange possession from one client to an alternate client free salesforce demo Organization-wide defaults (OWD) control all the conduct of how every single record of a given object (for instance, Accounts) will be accessed by the users who don't claim the record.

For example:

Read: Salesforce Jobs Australia- The Career Opportunities You Need to Know!

In the event that OWD for Accounts is private, it proposes that Jenny will just observe records that she is an owner of. In the event that OWD for Accounts is Read/Write, it implies anybody can scan and refresh (yet not erase) the record. Record-level-security: organization-wide sharing defaults

Role hierarchies

Basically, all organizations have an association structure wherever groups of individuals report back to their administrators and their chiefs thusly answer to their supervisors, shaping a tree-like organization graph. In order to rearrange sharing, Salesforce gives a clear method to impart records to directors. To utilize this sharing guideline, an administrator should initially add the user to a job and allow access.

Salesforce Training For Administrators & Developers

  • Personalized Free Consultation
  • Access to Our Learning Management System
  • Access to Our Course Curriculum
  • Be a Part of Our Free Demo Class


Securing data is of paramount importance. Salesforce understands this and that is why as already demonstrated above, it provides various ways in which you can keep your data guarded. Here, in this blog, we discussed in detail the security model Salesforce, Salesforce security model diagram, and Salesforce security model best practices. By understanding the Salesforce Data Security model, you can ensure greater safety of your data.

Read: Land Your Perfect Job With Salesforce Admin Job Description

FaceBook Twitter Google+ LinkedIn Pinterest Email

    Janbask Training

    A dynamic, highly professional, and a global online training course provider committed to propelling the next generation of technology learners with a whole new way of training experience.


Trending Courses


  • AWS & Fundamentals of Linux
  • Amazon Simple Storage Service
  • Elastic Compute Cloud
  • Databases Overview & Amazon Route 53

Upcoming Class

1 day 12 Aug 2022


  • Intro to DevOps
  • GIT and Maven
  • Jenkins & Ansible
  • Docker and Cloud Computing

Upcoming Class

1 day 12 Aug 2022

Data Science

  • Data Science Introduction
  • Hadoop and Spark Overview
  • Python & Intro to R Programming
  • Machine Learning

Upcoming Class

8 days 19 Aug 2022


  • Architecture, HDFS & MapReduce
  • Unix Shell & Apache Pig Installation
  • HIVE Installation & User-Defined Functions
  • SQOOP & Hbase Installation

Upcoming Class

8 days 19 Aug 2022


  • Salesforce Configuration Introduction
  • Security & Automation Process
  • Sales & Service Cloud
  • Apex Programming, SOQL & SOSL

Upcoming Class

1 day 12 Aug 2022


  • Introduction and Software Testing
  • Software Test Life Cycle
  • Automation Testing and API Testing
  • Selenium framework development using Testing

Upcoming Class

1 day 12 Aug 2022

Business Analyst

  • BA & Stakeholders Overview
  • BPMN, Requirement Elicitation
  • BA Tools & Design Documents
  • Enterprise Analysis, Agile & Scrum

Upcoming Class

8 days 19 Aug 2022

MS SQL Server

  • Introduction & Database Query
  • Programming, Indexes & System Functions
  • SSIS Package Development Procedures
  • SSRS Report Design

Upcoming Class

1 day 12 Aug 2022


  • Features of Python
  • Python Editors and IDEs
  • Data types and Variables
  • Python File Operation

Upcoming Class

2 days 13 Aug 2022

Artificial Intelligence

  • Components of AI
  • Categories of Machine Learning
  • Recurrent Neural Networks
  • Recurrent Neural Networks

Upcoming Class

16 days 27 Aug 2022

Machine Learning

  • Introduction to Machine Learning & Python
  • Machine Learning: Supervised Learning
  • Machine Learning: Unsupervised Learning

Upcoming Class

29 days 09 Sep 2022


  • Introduction to Tableau Desktop
  • Data Transformation Methods
  • Configuring tableau server
  • Integration with R & Hadoop

Upcoming Class

1 day 12 Aug 2022

Search Posts


Trending Posts

Receive Latest Materials and Offers on Salesforce Course