This post consists of the most common record-level security settings that are available out-of-the-box in Salesforce. We will review the different methods and configurations for controlling the visibility and editability of records in Salesforce at 4 levels:
- Org-Wide Defaults (OWD)
- Roles
- Sharing Rules
- Manual Sharing
Org-Wide Defaults (OWD)
OWD let you control the accessibility of records at the organizational, or global, level.
To access your OWD configuration, follow these steps.
- Go to Setup.
- In the quick find, search for “Sharing Settings” and click on it to open the settings.
- Below, we can set the level of access we need for each of the different Salesforce objects.
Roles
Roles let you control the visibility of Salesforce records in a hierarchical manner. For example, suppose there are two users who are Sales Representatives and they shouldn’t be able to see each other’s records/data. But the Sales Manager should be able to see all of his subordinate’s records. To set such record-level access, establish the Roles and then set them on the applicable user profiles.
To set up Roles in Salesforce, follow these steps.
- Go to Setup.
- In the quick find, search for “Roles” and click on it to open the roles.
- Below, we can see that the record access is being controlled in a hierarchical manner. The Roles can then be assigned to individual users.
Sharing Rules
Salesforce also allows records to be shared based on pre-configured sharing rules. We use Sharing Rules to further expand the record visibility based on criteria or ownership.
To set up Sharing Rules in Salesforce, follow the below steps.
- Go to Setup.
- In the quick find, search for “Sharing Settings” and click on it to open the sharing settings.
- When you scroll past the Organization-Wide Defaults section on the Sharing Settings page, you’ll see the Sharing Rules section. From here, you can configure the Sharing Rule for any Object that isn’t dependent on a Parent.
- You can choose the rule type based on your requirement. If a record meets the established criteria, the record will be shared with Users/Public Groups/Roles and Subordinates as specified.
Manual Sharing
To further widen Salesforce visibility, a User can manually share records with another User/Group/Role.
To enable manual sharing,
- Go to Setup.
- In the quick find, search for “Sharing Settings” and click on it to open the sharing settings.
- On the OWD page, click “Edit” at the top and then tick the Manual User Record Sharing checkbox under “Other Settings.”
- Now you can go to any record and you’ll see the Share button on the record itself.
Conclusion
The idea here is to first set record-level security in Salesforce to limit the scope of records users have access to. Then based on the business needs, we can expand the visibility and accessibility of the records. The above-mentioned configurations are some of the most common and important tools in Salesforce that allow us to configure the security of various records.
Additional Resources
- Salesforce Trailhead: Control Access to Records Unit