DATA SECURITY IN SALESFORCE

Salesforce is built with security to protect your data and applications. You can also implement your own security scheme to reflect the structure and needs of your organization. However, protecting your data is a joint responsibility between you and Salesforce. The Salesforce security features enable you to empower your users to do their jobs safely and efficiently.


USES :

▪ Salesforce data security deals with the security and sharing settings of data, as well as visibility between users and groups of users across the organization. The Force.com platform provides a flexible sharing model that lets us assign different levels of access and visibility to different sets of users.
▪ Where data security is concerned, Salesforce ensures that only registered members of the organization are allowed to access the stored data. This helps keep data safe from corruption, unauthorized access and theft throughout its complete lifecycle.

Data access levels

Data uploaded, stored or accessed is required to be kept safe and secure, not just from unauthorized access or theft, but also from employees of an organization.

ORGANIZATION LEVEL SECURITY

The access to the whole organization is secured at this level by maintaining a list of authorized users, setting password policies, and limiting login access to certain hours and certain locations.
USES :
▪ We protect our data at the broadest level here and this can be done by creating and managing users, setting password policies, and limiting when and where users can log in.
▪ Access to organization (Salesforce User Management) can be restricted by four means:
✓ Allowing only authorized users to access Salesforce
✓ Setting Password Policies
✓ Restricting IP ranges for Users
✓ Restricting Login Hours for Users

User Management in Salesforce

A user is anyone who logs in to Salesforce. Users are employees in your organization. Every user in Salesforce has a user account. The user account identifies the user, and the account settings determine what features and records the user can access.

Manage User Passwords

Salesforce provides each of your users with a unique username and password that they enter at each login. As an admin, you can configure several settings to ensure that your users' passwords are strong and secure.

To manage user Passwords :

• Set Password Policies
• Reset Passwords for Your Users
• Expire Passwords for All Users

Deactivate A User

You can't delete a user, but you can deactivate an account so a user can’t log in.
Deactivated users lose access to all records.

Device Activation

With device activation, Salesforce challenges users to verify their identity when they log in from an unrecognized browser or device or from an IP address outside of a trusted range.
To manage device activation settings:
• Device Activation
• Edit Session Settings in Profiles

Session Security

After logging in, a user establishes a session with the platform. Use session security to limit exposure to your network when a user leaves the computer unattended while still logged in. Session security also limits the risk of internal attacks such as when one employee tries to use another employee’s session.

OBJECT LEVEL SECURITY

At this level, what you control is access to object-level data. By setting permissions on a specific type of object, you can prevent a set of users from creating, viewing, editing, or deleting any records of that object.
You can also use profiles to control the objects that users can access and the permissions they have on each object. You can also use permission sets and permission set groups to increase access and permissions without editing users' profiles.
For example, you could use object permissions to make sure that interviewers can view positions and job applications but not edit or delete them.

There are two ways of setting object permissions:

1. Profiles:

A profile determines the objects a user can access and the permissions a user has on any object record. A profile is a collection of settings and permissions that determine which data and features in the platform users have access to.
Settings determine what users can see (for example apps, tabs, fields, and record types), whereas permissions determine what users can do (for example create or edit records of a certain type, run reports, and customize the app). Each of the standard profiles includes a default set of permissions for all of the standard objects available on the platform.

Some of them are:
1. Standard User: Standard User profile has Read, Edit, and Delete permissions to most standard objects.
2. Read Only: The Read Only profile has permissions exactly similar to Standard User, but access is limited to read-only.
3. Marketing User: Permissions of Standard User + Additional Permissions.
4. Contract Manager: Permissions of Standard User + Additional Permissions.
5. Solution Manager: Permissions of Standard User + Additional Permissions.
6. System Administrator: The System Administrator profile has the widest access to data and the greatest ability to configure and customize Salesforce. The System Administrator profile also includes two special permissions namely “View All Data” and “Modify All Data”.

2. Permission Sets:

It provides additional permissions and access settings to users. A permission set is a collection of settings and permissions that give users access to various tools and functions.
The settings and permissions in permission sets are found in profiles, but permission sets extend users’ functional access without changing their profiles. Permission sets make it easy to grant access to the various apps and custom objects in your org, and to take away access when it’s no longer needed.
You'll be using permission sets for two general purposes:
✓ To grant access to objects or apps
✓ To grant permissions—temporarily or long term—to specific fields

FIELD LEVEL SECURITY

Field-level security refers to the security we apply to fields. It determines whether a user can see, edit or delete the value of a particular field.
USES:
➢ Field-level security in Salesforce controls whether a user can see, edit or delete the value of a particular field on an object, unlike page layouts, which only control the visibility of the field on the detail and edit pages of an object. It secures the visibility of fields in any part of the app, including related lists, list views, reports, and search results.
➢ Field level security can be applied to multiple fields on a single profile or permission set and can also be applied to a single field on all profiles.

Field Level Security via Profile and Permission Set

1. In the Quick Find box, search for profile or permission set. Both appear under the Users section.
2. Select a particular profile and scroll down to the standard or custom field-level security section.
3. Click the View link of any object; it redirects you to a page listing all fields of the chosen object.
4. Click Edit and set field-level security using the two available choices: Read access or Edit access.

Field Level Security via Field Accessibility

1. The Field Accessibility option is found under Security in Setup.
2. Choose the object for which you want to view or edit field accessibility.
3. Select the 'View by fields' option, then select the field for which you want to view or edit accessibility.
4. This shows a list of fields according to the profiles, and you can set accessibility per profile and assign record types.

Field Level Security via Object Manager and Page Layout

1. From Setup, click Object Manager and select any object.
2. In the Fields & Relationships section, select the field whose accessibility you want to view or edit.
3. Field-level security gives us two options: Visible and Read Only.
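
A simplified model of how the object-level and field-level checks described above combine, added here as an illustration (it is not Salesforce code and not part of the original page). The `Grant` class, the function names and the sample profile, permission set, object and field names are all constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass
class Grant:
    """A profile or a permission set: object permissions plus field-level security."""
    name: str
    objects: dict = field(default_factory=dict)  # object -> {"read", "create", "edit", "delete"}
    fields: dict = field(default_factory=dict)   # (object, field) -> {"read", "edit"}

def object_perms(profile, perm_sets, obj):
    """Permission sets only add to the profile's permissions; they never remove any."""
    perms = set(profile.objects.get(obj, ()))
    for ps in perm_sets:
        perms |= set(ps.objects.get(obj, ()))
    return perms

def field_access(profile, perm_sets, obj, fld):
    """Return 'none', 'read' or 'edit' for one field of one object."""
    obj_p = object_perms(profile, perm_sets, obj)
    if "read" not in obj_p:
        return "none"                      # without object access, field grants are moot
    fls = set()
    for grant in (profile, *perm_sets):
        fls |= set(grant.fields.get((obj, fld), ()))
    if "edit" in fls and "edit" in obj_p:
        return "edit"
    return "read" if fls else "none"

def visible_fields(profile, perm_sets, obj, all_fields):
    """Map every field of `obj` to the user's effective access."""
    return {f: field_access(profile, perm_sets, obj, f) for f in all_fields}

# Constructed sample: the interviewer case from the text.
INTERVIEWER = Grant(
    "Interviewer",
    objects={"Position": {"read"}, "Job_Application": {"read"}},
    fields={("Position", "Title"): {"read"}, ("Position", "Status"): {"read"}},
)
HIRING_PS = Grant(
    "Hiring Manager (permission set)",
    objects={"Position": {"read", "edit"}},
    fields={("Position", "Salary_Range"): {"read", "edit"}},
)
POSITION_FIELDS = ["Title", "Status", "Salary_Range"]
```

Calling `visible_fields(INTERVIEWER, [], "Position", POSITION_FIELDS)` shows the salary field hidden; passing `[HIRING_PS]` as the permission sets opens it for editing without touching the profile.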

RECORD LEVEL SECURITY

This level provides the security we can apply to records in a Salesforce org. Through record-level security, one can define the access to records for users in different profiles or roles throughout the Salesforce org.
There are the following ways we can share records between users:
1. OWD (Organization-Wide Defaults)
2. Role Hierarchy
3. Sharing settings
4. Manual Sharing

Organization-Wide Defaults

OWD sets the record security for each object. It is the baseline in terms of record-level security. One must always set the OWD as restrictive and open up access through the other solutions available for record-level security. The OWD section is found under Sharing Settings in the Security section in Setup.

Role-Hierarchy

Role hierarchy in Salesforce means that a user at the top has access to the records of all of the users below. It follows a top-down approach. A user does not have access to the records of users above, only to those of users below his or her level in the defined role hierarchy. The role hierarchy grants this access to users automatically.

Sharing Rules

As mentioned above, the role hierarchy follows a top-down approach, whereas sharing rules provide record-level access to those who are at the same level in the role hierarchy. Sharing rules are used to provide horizontal access. Sharing rules can be applied to standard and custom objects. We can create sharing rules by navigating to the OWD section; below it there is a section where we can create a sharing rule for every object present in the org.

Manual Sharing

Here, we can share records manually with individual users, roles, or public groups. Manual sharing is available to record owners, their managers, and system admins. If a user does not have access to a record that is owned by another user, the owner of the record can manually share the record with that user.
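
A simplified model of the four record-level mechanisms described above (OWD baseline, role hierarchy, sharing rules, manual sharing), added here as an illustration; it is not Salesforce code and not part of the original page. The `Org` class, the users, roles and record ids are constructed, and the model assumes the role hierarchy gives a manager edit access to records owned by users below.

```python
from dataclasses import dataclass, field

LEVELS = {"none": 0, "read": 1, "edit": 2}
OWD = {"Private": "none", "Public Read Only": "read", "Public Read/Write": "edit"}

@dataclass
class Org:
    owd: dict        # object -> OWD setting
    role_of: dict    # user -> role
    parent: dict     # role -> parent role (None at the top)
    sharing_rules: list = field(default_factory=list)  # (object, owner_role, to_role, level)
    manual_shares: list = field(default_factory=list)  # (record_id, user, level)

    def is_above(self, role, other):
        """True if `role` is a strict ancestor of `other` in the role hierarchy."""
        cur = self.parent.get(other)
        while cur is not None:
            if cur == role:
                return True
            cur = self.parent.get(cur)
        return False

    def record_access(self, user, record):
        """Return (level, reason): the widest grant over the four mechanisms."""
        rec_id, obj, owner = record
        if user == owner:
            return ("edit", "owner")
        u_role, o_role = self.role_of[user], self.role_of[owner]
        grants = [(OWD[self.owd[obj]], "owd")]          # restrictive baseline
        if self.is_above(u_role, o_role):               # vertical: top-down only
            grants.append(("edit", "role hierarchy"))
        for r_obj, from_role, to_role, level in self.sharing_rules:
            if (r_obj, from_role, to_role) == (obj, o_role, u_role):
                grants.append((level, "sharing rule"))  # horizontal access
        for r_id, r_user, level in self.manual_shares:
            if (r_id, r_user) == (rec_id, user):
                grants.append((level, "manual share"))
        return max(grants, key=lambda g: LEVELS[g[0]])

# Constructed sample org: two rep roles under one manager, plus a separate branch.
ORG = Org(
    owd={"Opportunity": "Private"},
    role_of={"bob": "Sales Mgr", "carol": "Rep East", "dave": "Rep West", "erin": "Support"},
    parent={"Sales Mgr": "CEO", "Rep East": "Sales Mgr", "Rep West": "Sales Mgr",
            "Support": "CEO", "CEO": None},
    sharing_rules=[("Opportunity", "Rep East", "Rep West", "read")],
)
CAROL_OPP = ("opp-1", "Opportunity", "carol")
BOB_OPP = ("opp-2", "Opportunity", "bob")
```

The returned reason makes the model usable as an access review aid: for any user and record it names which mechanism opened access beyond the Private baseline.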