What Is Salesforce Record Level Security ?
Record Level Security in Salesforce determines which individual records in each object can be viewed and edited by users they have access to in their profile.
The permission on a record is always evaluated according to a combination of object, field, and record-level security permission. When object-level permissions versus record-level permissions conflict, the most restrictive settings win.
To implement it the administrator needs to answer the following questions:
- Should the users have open access to every record or a subset?
- If it’s a subset then what rules should determine whether the user can access them?
Types of Implementing Salesforce Record-Level Security
Salesforce provides 4 ways to implement record-level sharing:
- Org-wide defaults specify the default(base) level of access users have to each other’s records.
- Role hierarchies ensure managers have access to their subordinates’ records. Each role in the hierarchy represents a level of data access that a user or group of users needs.
- Sharing rules are automatic exceptions to org-wide defaults for particular groups of users, to give them access to records they don’t own or can’t normally see.
- Manual sharing lets record owners give read and edit permissions to users who might not have access to the record because of OWD.