Introduction
The internet, though benefits us all, comes with a big risk of privacy and security of personal as well as critical data. These data can belong to either an individual or an organization. But, this becomes a major issue especially with the software related to CRM (Customer Relationship Management). These software programs are very customer-centric and focus more on the privacy and security of the data.
Salesforce, which is a leading CRM software, has its own ‘Record Level Security Model’ for the same. Let’s discuss all the information related to this model, briefly over here.
What is Record Level Security in Salesforce?
Let’s first break the entire phrase and understand it. By Record Level we mean, data wherein each record is related to a single individual or organization. And, Record Level Security Model is a feature of authentication by Salesforce. This further implies that you can restrict the access of records in data, based on the specific user’s profile. Through this, Salesforce helps you to make sure that:
Data security applies for both confidential customer as well as company data;
Access to sensitive data is restricted;
Sensitive data is not given exposure;
Only relevant records are visible through restricted searches;
Access to records is provided to users to work on or collaborate with.
Types of Record Level Security
Further, this Record-Level Security Model has 5 main pillars, for ensuring data security. These pillars are briefly discussed below:

1. Organization-Wide Sharing Defaults:
Organization-Wide Default (OWD) in the Record-Level Security Model is the baseline level of access for each object, that’s a must for most restricted users. It defines the default level of sharing access that users can have of each other’s records. Further, it allows you to restrict access to the records, which can later be shared according to the hierarchy of roles. This role hierarchy is explained briefly, below.
2. Role Hierarchies:
Through role hierarchies in the Record-Level Security Model, you can control the access of data and records on Salesforce based on the roles of the user. The roles defined within the hierarchy affect the access to key components such as reports and records. For the same, a properly defined role hierarchy should be present before granting access to the employees as per their roles.
Read our blog on Benefits and Drawbacks of MVC Architecture
3. Sharing Rule:
It is mostly based on who owns the record at first. In particular, the usage of this rule is mostly by administrators. Through this, they can automatically grant access to users that are within a group. In the case of the Record-Level Security Model, the sharing access is pre-defined with the help of role hierarchy.
Moreover, the sharing rules are of two types:
- Ownership-Based Sharing Rules:
Ownership-based sharing rules put up an exception to the organization-wide default settings and the role hierarchy rules. Through this, you can give access to the users of records who don’t own access to the same. Moreover, they are based on the record owner only. Through this, you can provide access to peers who are currently holding the same role or even territory.
- Criteria Based Sharing Rules:
In the Record Level Security Model, the criteria-based sharing rule implies providing data or record access based on a record’s field values (criteria values). Unlike the ownership-based sharing rule, they are based on record values rather than record owners. Only if the criteria are met, then only a shared record is created for the same.
Check out Cyntexa’s blog on What is Copado?
4. Manual Sharing:
The other name of Manual Sharing is User-Managed Sharing in the Record-Level Security Model. Through this, the record owner or any user has full access over a record. With this full access, they can share the record with any user or group of users. But only the record owners or users above the record-owner can have full access. All the users can’t have full access to the same.
5. Apex Managed Manual Sharing:
In order to share a record programmatically in the Record-Level Security model, Apex Managed Manual sharing is further put to use. The developers can share custom objects with the help of the same. This type of programming takes place through Apex programming language or SOAP (Simple Object Access Protocol) API. However, the users with “Modify all data” permission can only add or change Apex Managed Sharing on a given record.
Conclusion
To sum up, through this Record-Level Security Model in Salesforce, you can expect trustworthy security of all your data. The above discussed 5 pillars of the model help in maintaining the security tightly.