This Security and Access diagram explains the settings available to Salesforce controlling what Users can see and do. We'll explain more and provide examples of each below.

​

​

​

Multi-Factor Authentication (MFA)

​

MFA is a security feature that requires Users to provide two or more forms of authentication before they can access Salesforce. This can include something the user knows, such as a password, and something they have, such as an authenticator app, or something they are, such as a biometric factor like a fingerprint. MFA adds an extra layer of security and helps to ensure that only authorized users can access sensitive data.

​

Trusted IPs and Restricted IPs

​

Trusted IPs and Restricted IPs are used to control access to Salesforce based on IP address. Trusted IPs, provides a defined list of IP addresses from which users can log in without receiving a login challenge for verification of their identity, such as a code sent to their mobile phone.  With Restricted IPs, Users can access Salesforce only from specified IP addresses, which can be useful for ensuring that employees can only access the platform from within the company's network.

​

Profiles and Permission Sets

​

Profiles and Permission Sets are used to control what Users can see and do in Salesforce. Profiles define the baseline permissions for a user, such as which apps and objects they can view and what actions they can take like Create, Read, Edit, and Delete. Permission Sets can be used to grant additional permissions to a User, such as the ability to edit a specific object or to run reports. By using Profiles and Permission Sets, organizations can ensure that users only have access to the data and functionality they need to do their jobs. An example of these would be if a profile for an Advisor was created to view their own records and specific objects. We can create a "View All Records" Permission set which allows the assigned User to view all records, not just their own.

​

Licenses

​

Salesforce licenses are used to control what features a user can access in the platform. Different types of licenses are available, such as the Sales Cloud license or the Service Cloud license, and each license provides access to a different set of features. By assigning the appropriate licenses to users, organizations can ensure that they only have access to the functionality they need.

​

CRED (Create, Read, Edit, Delete)

​

As mentioned above, CRED is a set of permissions that controls what actions a user can take on a specific object in Salesforce. By setting the appropriate CRED permissions for each object, organizations can ensure that users can only perform the actions they need to do their jobs. For example, a setting of Create, Read, and Edit on the Contact's object, allows a User to do just that: Create new Contacts, Edit existing contacts and Read existing Contacts. Since Delete is not listed, a User will not be able to delete any Contacts from the org. 

​

Org Wide Defaults

​

Org Wide Defaults are used to control the default sharing settings for an object in Salesforce. By setting the appropriate Org Wide Defaults, organizations can ensure that users can only see and edit the records they need to do their jobs. As a best practice, we prefer to start the Org default as Private so Users only see the records they own, and open the access from there. It's important to remember that you can open access for your Users with Permission Sets, rather than start with Public/Read/Write and then restrict. For example, if ABC Wealth Management only wants their Users (Financial Advisors) to view their own client's investment accounts, you would want to set the Org Wide Default to Private. Advisors will only see their own client's accounts. If you have a Manager Advisor who needs access to view all Advisor's accounts, you could open their access by creating a Manager Access Permission set which will allow them to Create, Read, Edit, and/or Delete client's accounts.

​

Role Hierarchy

​

Role Hierarchy is a feature that allows users to be grouped into a hierarchy based on their job role. By setting up a Role Hierarchy, organizations can ensure that Users only have access to the records that are relevant to their role. For example, a manager will want to have access to their subordinate's records however the subordinates should not be able to have to the manager's records. A Company Hierarchy needs to be established first to determine the hierarchical structure and who will have access to what records.

​

Sharing Rules and Manual Sharing

​

Sharing Rules and Manual Sharing are used to grant access to records in Salesforce that are not accessible by default based on Org Wide Defaults or Role Hierarchy. Sharing Rules can be used to automatically grant access to specific records based on certain criteria like users, roles, territories, or public groups, while Manual Sharing allows administrators and Users to manually grant access to specific records.

 

An example of Sharing Rules would be setting up a specific Territory "West Coast" allowing all Users in this territory to access those records. Manual sharing could be used if a Salesperson was going on vacation. If the User was working on a specific Opportunity, the User could then manually share the pertinent records to the other Salesperson who was covering their accounts. 

​

Field Level Security

​

Field Level Security is used to control which users can view and edit specific fields in an object in Salesforce. By setting the appropriate Field Level Security settings, organizations can ensure that users can only access the data they need to do their work. Going with the Wealth Management example above, some firms may want to conceal their client's social security number. Some Users who set up accounts may have access to that particular field while others do not for confidentiality reasons.

​

Page Layouts

​

Page Layouts are used to control what information is displayed to Users when they view a record in Salesforce. By customizing the Page Layouts for each object, Record Type, Profile organizations can ensure that users only see the fields and related information that are relevant to their job function.

​

As you can see, Salesforce provides a range of security and access settings that help organizations protect their sensitive data and ensure that only authorized users can access it. By using these features effectively, organizations can reduce the risk of data breaches and ensure that their business processes are carried out in a secure and compliant manner.