In this blog, “An Overview of Salesforce Security Basics”, we will discuss how you can secure your organization's data in Salesforce. Data security means protecting organization data against unwanted access, including access by third-party users. With physical safety measures such as CCTV cameras, concrete buildings, bulletproof walls, and safety locks, we make sure that no one can harm our data physically. The question is how to protect your data online. You can use encryption techniques or cryptography schemes to protect your data against malware attacks or other harmful viruses.
Salesforce is based on a multi-tenant architecture that separates one organization's data from another's. So, there is a single pool of computing resources used to serve different types of customers. Salesforce protects your company data from other organizations with the help of a unique identifier that is tied to each user’s session.
As soon as you log in to access your data, the subsequent requests are associated with your organization with the help of that unique identifier. In brief, Salesforce puts its best efforts into protecting your data. But these efforts are not sufficient on their own, and special care is needed to protect the data at our end. Salesforce has plenty of built-in features to protect the data from unauthorized access, whether that is phishing, malware, intentional access, or accidental access by employees.
So, I was not sure whether these tools were enough to protect my data or not. Finally, I found the solution and realized that security can be enforced in the system at various levels. The agenda of this blog is to make you familiar with the different security trends that need to be followed properly to protect your data against theft. Let us dive deep and discuss each of the security trends one by one throughout the blog.
If someone understands the meaning of these three words well, then it is easy to take data protection to a different level. These settings are quite liberal and can be accessed through the path given below:
Setup -> Security Controls -> Sharing settings
There are four permission sets for Organization-Wide Defaults, i.e. Public, Private, Read Only, and Write. You can use these permission sets to make data access more restrictive while still allowing users to complete their jobs. When you are working on these settings, don’t think of current users only; be mindful of future entries too. Don’t worry even if you make a mistake, because it is always easy to go back and relax the settings based on your business needs. Here are a few more guidelines proposed by Salesforce experts to secure your organization data against phishing or malware. These instructions include:
Salesforce assigns a unique ID and password to each employee in the organization. You can implement effective password policies at the user level to maximize data security, such as setting a time after which the user password expires, defining complexity levels, and so on. Further, you can use the single sign-on capability to simplify the user authentication process. In a few cases, a token is used instead of passwords, or you can use an LDAP server too. With all these solutions, security at the user level can be improved in multiple ways.
With object-level permissions, you control what actions a user can perform on the records of each object. These actions include Create, Read, Edit, Delete, etc. To create records of a particular object type, the user needs the “Create” permission first.
To perform an action on an existing record, the user needs a record-level permission such as Read Only, Read/Write, or Full Access. Read Only and Read/Write permission for a record can be assigned through multiple mechanisms, such as sharing rules and org-wide defaults. Full Access permission, by contrast, is assigned only to the record owner, to users higher in the role hierarchy, or to the system administrator. You must be wondering who a Record Owner is and what the Role Hierarchy actually is. Let us discuss this in detail in our next section, Record Owner and Role Hierarchy.
Each record must have an owner, which is either a user or a queue. You should spend a good amount of time assigning ownership, and it can be checked quickly against the org-wide defaults. If ownership is assigned wrongly, it may impact your business badly. It is fine if the system administrator is the owner of all the records in a list, but the permission set for each of the records still needs to be defined carefully.
If access is set to Private by default and your team wants to see the details, it may create a problem. The best practice is to add a Record Owner column for each record entry so that the information can be looked up quickly whenever needed.
Keep in mind that record ownership is possible for active users only. It does not have any impact on our daily lives, but it creates a problem when you want to import data. Every time you import data, activate the user first; you can deactivate the user again when no longer needed.
A question must be boggling your mind all the time: if a system administrator sets an object to Private, how can managers view the records of their staff? This is where Role Hierarchies come into the picture. The option is available under:
Setup -> Manage Users -> Roles -> Role Hierarchy
The concept of the Role Hierarchy is somewhat similar to an organization chart that explains how different roles are connected. Every user is assigned at least one role when added to the system. Two users at the same level of the role hierarchy can never see each other’s records unless they are explicitly allowed to. From a security point of view, defining the Role Hierarchy is important because it decides who can see your records at the higher levels.
What do you do when you need an exception to the org-wide defaults? This is where the concept of Sharing Rules comes into the picture. The option can be accessed by the path mentioned below:
Setup -> Security Controls -> Sharing Settings -> Sharing Rules
One of the biggest benefits of sharing rules is that they are based on Record Owner criteria. It is possible to share all the records with a particular group or role, or to share records that satisfy specified criteria. However, the rules need to be defined carefully so that they do not override each other.
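The layers described above (object-level permission, org-wide default, record owner, role hierarchy, sharing rules) can be modelled as one access check. This is an added example, not Salesforce code and not from the original post: the roles, users, function names and the rule that Delete needs Full Access are assumptions of this simplified model, and the system administrator is not modelled.

```python
from dataclasses import dataclass

NONE, READ, EDIT, FULL = 0, 1, 2, 3                # record-level access, widest wins
PRIVATE, READ_ONLY, READ_WRITE = NONE, READ, EDIT  # org-wide default baselines
NEEDS = {"Read": READ, "Edit": EDIT, "Delete": FULL}  # assumed mapping for this model

# Constructed role hierarchy (child role -> parent role); not from a real org.
ROLE_PARENT = {"VP": None, "Sales Manager": "VP", "Support Manager": "VP",
               "Sales Rep": "Sales Manager", "Support Rep": "Support Manager"}

@dataclass(frozen=True)
class User:
    name: str
    role: str
    object_perms: frozenset   # object-level permissions, e.g. {"Read", "Edit"}

@dataclass(frozen=True)
class SharingRule:
    owner_role: str           # records owned by users in this role ...
    shared_with_role: str     # ... are opened to users in this role
    level: int

def is_above(role, other):
    """True if `role` is an ancestor of `other` in the role hierarchy."""
    while (other := ROLE_PARENT.get(other)) is not None:
        if other == role:
            return True
    return False

def record_access(user, owner, owd, rules):
    """Widest record-level access any layer grants; layers only open access."""
    if user == owner or is_above(user.role, owner.role):
        return FULL
    grants = [r.level for r in rules
              if r.owner_role == owner.role and r.shared_with_role == user.role]
    return max([owd] + grants)

def can(user, action, owner, owd, rules=()):
    """The object-level permission gates the action; record access must cover it."""
    return (action in user.object_perms
            and record_access(user, owner, owd, rules) >= NEEDS[action])

ALL = frozenset({"Read", "Edit", "Delete"})        # constructed sample users below
alice, bob = User("alice", "Sales Rep", ALL), User("bob", "Sales Rep", ALL)
mona = User("mona", "Sales Manager", ALL)
sam = User("sam", "Support Rep", frozenset({"Read"}))
RULE = SharingRule("Sales Rep", "Support Rep", READ)
```

With a Private default, `can(bob, "Read", alice, PRIVATE)` is false for a peer, while the manager `mona` and anyone covered by `RULE` gain access; `sam` can never edit because the object-level Edit permission is missing.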
Hopefully, this high-level discussion on Organization-Wide Defaults, Record Owner, Object-Level Security, Record-Level Security, Role Hierarchy, and Sharing Rules has provided some food for thought on how to secure your organization data in the best possible way. It may be risky for newer administrators in the beginning, but an in-depth understanding of the concepts will help you in securing the Salesforce system instantly. I would recommend that, instead of opting for any one of the six ideas, you utilize each of them to achieve a stronger and more robust security policy.