Data Security in Salesforce
First, let's understand data security in theory.
We use data security to keep the org and the app secure. We need to control what a user or group can see in the org or app: who can access the data, who can create it, and who can delete it. We will discuss not only objects but also which fields a user can see.
Data security in Salesforce is divided into four parts.
- Organization Security:- Organization security is about how we secure the org itself. Only authorized users can access the org. We maintain the list of authorized users, set the password policy, and can limit login hours and locations. So let's do it in our org.
- Click on the Setup gear icon
- In the Quick Find box, type Users and click Users. This shows all available active users and admin users. Here we can create a new user, reset a password, or deactivate a particular user.
- With this list view, we can select Admin Users, All Users, or Active Users. To create a new user, click New User, fill in the required fields, and click the Save button.
- If we want to reset the password, select a particular user, check the checkbox, and select reset password.
- We can set password policies. Search for Profiles in the Quick Find box and select Profiles. Whenever we create a user, we need to select a profile, which is a required field.
- We can open any standard profile.
- Initially, it shows the profile details, page layout, etc., but we need to focus on the password policies and on limiting login to certain hours and locations: we can set the IP ranges and the times at which users can log in. These settings are at the bottom of the profile page. Here we can see the password policies.
- Click Edit, scroll down again to the password policies, and set these fields per the requirements.
- All these fields are related to the password policies. Whatever password policies we set on this profile apply to all users assigned to this profile. Then save it.
- Now we need to limit login to specific hours and locations. Again in the profile, scroll down and we can see Login Hours and Login IP Ranges just after the password policies.
- So we click the Edit button on Login hours. We can set login hours for particular days.
- Next is limiting the IP address. That is also available on the profile page. Scroll down, and we can see it after Login Hours. Click the New button.
- Here we can set the Login IP address. Enter the range of valid IP addresses from which users with this profile can log in.
In this way, we control users at the org level. These organization-level security settings are applied on the profile.
- Object Level Security:- We can control create, read, update, and delete (CRUD) access for both standard and custom objects. We control object permissions using profiles and permission sets. For example, a parking place is similar to a Salesforce object. Inside the parking place, different vehicles such as bikes and cars are parked. Open parking is like Public Read Only: no matter who the owner is, everyone can see every car. In closed parking, only the owner, or whoever has access to the parking, can see the vehicle.
- Now let's go to the org. Currently, I am logged in as my System Admin user (Neha Anwekar).
- We are going to modify the profile, which is related to the user Neha Anwekar. The profile's name is standard user custom, and this is a custom profile.
- So we go to another user's profile and click Login.
- Now we go to the Setup gear icon and find Profiles in the Quick Find box. Then we open standard user custom.
- Now we click the Edit button, scroll down, and uncheck Edit and Delete in Standard Object Permissions.
- And save it. Then we go to Users again and click Login for the other user, to whom we have given access; his profile is the standard user profile.
- Now we will click on Account Object and open any one account. Next, we will check whether our restrictions are working or not.
- So our restriction is working. The Edit pencil icon is not shown on the account. We can create a new account but can't edit or delete it.
- Field Level Security:- We can restrict specific fields in Salesforce even if the user has object-level access. Say the user's profile has access to an object, so the user can create, delete, and edit records. Even with that object-level access, we can restrict access to a specific field for that user with the help of field-level security.
So let’s go to the org.
- We go to Users again and log in as the other user, who has the standard user custom profile.
- First, we look at the fields that are visible and editable on a particular record. We take one object, for example Account, and open one record.
- Here we can see that various fields are available, so let's take the Industry field.
- As this profile's user, we can currently set Industry and change its value.
- And save it. Now we go back to the System Admin user.
- Then again, search profiles in the quick find box and open profiles.
- Then open the standard user custom profile. Then we need to find the object. Scroll down, and we can see Field-Level Security.
- Next to the Account object, we click View.
- Here we can see read access and edit access. We find the Industry field, uncheck edit access, and save it.
- This means Industry now has read access only. So let's check with standard user custom by logging in as the other user. First, go to Users in the Quick Find box.
- Let's log in as the other user.
- And open any one account.
- Now we want to confirm that the user can't edit that field and can only view it.
- Here we can see that the Edit pencil icon is not shown on the Industry field.
- Now again, we go back to the profile.
- And open standard user custom, then scroll down and click view in field level security near Account.
- Then click Edit. And uncheck the Read access from the Industry field as well.
- And then save it. And go back to check.
- Log in as the other user and open any Account record. If the field has neither read nor edit access, it is automatically removed from the page layout.
- So here, we can't see the Industry field. In that way, we restrict access with field-level security.
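The end state of the three profile-level sections above (a login IP range, Edit and Delete removed on Account, Industry not editable) can be checked against the profile's metadata file. The following Python script is an added example, not part of the original blog; it assumes the profile has been retrieved through the Metadata API as XML, and the sample document, IP range and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}

# Constructed sample of a retrieved profile file (not taken from a real org).
SAMPLE_PROFILE = """<Profile xmlns="http://soap.sforce.com/2006/04/metadata">
  <fieldPermissions>
    <editable>false</editable><field>Account.Industry</field><readable>true</readable>
  </fieldPermissions>
  <loginIpRanges>
    <startAddress>203.0.113.0</startAddress><endAddress>203.0.113.255</endAddress>
  </loginIpRanges>
  <objectPermissions>
    <allowCreate>true</allowCreate><allowRead>true</allowRead>
    <allowEdit>false</allowEdit><allowDelete>false</allowDelete>
    <modifyAllRecords>false</modifyAllRecords><object>Account</object>
  </objectPermissions>
</Profile>"""


def _is_true(node, tag):
    # Absent elements are treated as "not granted".
    return node.findtext(f"md:{tag}", default="false", namespaces=NS) == "true"


def audit_profile(xml_text, obj="Account", field="Account.Industry"):
    """List every setting that is looser than the end state of the walkthrough."""
    root = ET.fromstring(xml_text)
    findings = []
    # Organization level: the profile should carry at least one login IP range.
    if not root.findall("md:loginIpRanges", NS):
        findings.append("no login IP range on profile")
    # Object level: Edit and Delete were unchecked (modifyAllRecords implies both).
    for perm in root.findall("md:objectPermissions", NS):
        if perm.findtext("md:object", namespaces=NS) == obj:
            for name in ("allowEdit", "allowDelete", "modifyAllRecords"):
                if _is_true(perm, name):
                    findings.append(f"{obj}: {name} granted")
    # Field level: the field may be read-only or hidden, but never editable.
    for perm in root.findall("md:fieldPermissions", NS):
        if perm.findtext("md:field", namespaces=NS) == field and _is_true(perm, "editable"):
            findings.append(f"{field}: editable")
    return findings


if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE) or "profile matches the intended restrictions")
```

An empty list means the profile is at least as strict as the configuration built in the steps above.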
- Record Level Security:- In record-level security, we can restrict access to records for users even if the user has object-level permission. So, for example, a user can access his own records but not other users' records.
We can manage record-level access with:
- Organization-wide default.
Let’s go to the org.
- The System Admin can access all the records even after the security model is applied. Another user (standard user custom) can't view all the records, because this user is not a System Admin.
- Now, as the System Admin user, we search for Sharing Settings in the Quick Find box.
- Now we need to click the Edit button. Now we can see all the objects are available.
- It shows custom and standard objects as well. Now we can change the Default Internal Access of the Account object. There are three options available, and we select Private.
- Then click on ok. Then save it.
- Once it is applied, Salesforce will send an email.
- Now we refresh the org. Now we can see the Account sharing model will be Private.
- Now we switch to the other user with the standard user custom profile.
- Now we click on Accounts and select All Accounts. Here we can see that this user can only see his own Account records.
- Now we go back to Sharing Settings as the System Admin user. If we select Public Read Only instead, the records will be visible, but read-only: we can view the records but won't be able to edit them. I hope you understand those things.
I hope you find this blog. Thanks for reading.