Force.com Database Security 
Sujit Kumar 
Zenolocity LLC © 2012 - 2024
Overview 
• Security done more through configuration than 
coding. 
• Profiles and Security Rules 
• The Security Funnel 
• Object Level Security 
• Field Level Security 
• Record Ownership & Record Level Security 
• Organization wide defaults 
• Sharing Rules – Public Groups, Roles
Security Rules 
• Profile: used to group users with common 
data access requirements. 
• Contains a set of permissions for every object 
defined in the organization. 
• Permissions determine authorization to read, 
create, edit and delete records. 
• Profile also has rules for access to fields of an 
object.
Security Rules (contd…) 
• Record-level security further restricts access to 
data based on the concept of record ownership. 
Cannot override object-level security. 
• Organization-wide defaults define the default, 
most restrictive sharing behavior of each object. 
• Sharing reasons create exceptions to this default 
behavior, granting access to specific groups of 
users.
Force.com Security Funnel
Profiles 
• Two Types: Standard and Custom. 
• Standard Profiles cannot be renamed or deleted 
but can be reconfigured. 
• Custom Profiles similar to standard profiles but 
can be renamed. They can be deleted if no users 
are assigned to them. 
• Administrative (Super-user) Permissions: Two 
administrative privileges in a profile trump all 
other security features in Force.com: Modify All 
Data and View All Data. Grant them with care.
Object Permissions 
• Identical for standard and custom objects. 
• Cannot be edited for standard objects. 
• 6 Permissions: Read, Create, Edit, Delete, View 
All, Modify All. 
• View All : exporting data, Modify All : bulk 
data operations like migration and cleansing. 
• View All & Modify All override all other 
security measures.
Object Permissions (contd…) 
• New custom objects initially have all 
permissions disabled for all profiles, except 
those with View All Data or Modify All Data 
permission.
Profiles and Licensing 
• Profiles associated with Licenses. 
• 2 basic licenses – Salesforce and Salesforce 
Platform. 
• Salesforce Platform license lets you use all of 
Salesforce except business domain 
functionalities like CRM.
Field Level Security 
• Determined by a combo of profile and page layout. 
• More restrictive of the two takes precedence. 
• 2 ways to control this : FLS section in the profile or via 
the Field Accessibility feature. 
• Field Accessibility: finer control of fields via a 
combination of page layout and profile. 
The more restrictive of the two settings takes effect. 
• Example: if a page layout defines a field as read-only 
that is defined in the profile as being invisible, the 
profile takes precedence and the field is hidden. 
• Accessibility values: Required, Editable, Read-Only, 
Hidden.
Record Level Security 
• Records (instances of an object) are secured in 3 
ways. 
1. Record Ownership: Owners are individual users 
or groups. Ownership is transferable. 
2. User Groups: can contain users or other 
groups. Hence, hierarchical. 
3. Sharing Model: org-wide defaults or sharing 
reasons. Org-wide defaults apply to all records 
by object and sharing reasons override these 
defaults based on record ownership or other 
criteria.
Record Ownership 
• Creator is owner. Owner has full control over 
record. 
• Owner can read, edit, delete, share and 
transfer ownership of the record. 
• Owners are usually users but can also be a 
queue. 
• Records of child objects of a master-detail (M-D) 
relationship inherit ownership from the parent records.
User Groups 
• Record level sharing works with groups of users and 
NOT individual users. 
• 2 Kinds of groups: Public Groups and Roles 
• Public Group – list of users and other sub-groups. Keep 
membership small to improve performance. 
• Roles are also like groups but are hierarchical. 
• Users in roles inherit the privileges of the roles below 
them in the hierarchy, including record ownership. 
• A user belongs to 1 role at a time. An org has a single 
role hierarchy.
Org-wide defaults on Custom Objects 
• Establish the most restrictive level of access. 
• Private – exceptions are admin level View-All and 
Modify-All. 
• Public Read-Only – exceptions are users with 
admin level privileges. 
• Public Read-Write – default on new objects. 
• Controlled by Parent – available only to child 
objects in a lookup relationship (LR). Similar to 
record-sharing behavior of child objects in a M-D relationship.
Sharing Reasons 
• Override the org-wide defaults for records to be 
shared among groups. 
• Groups can be roles or public groups. 
• Sharing between roles results in asymmetric 
privileges. Users in subordinate roles do not 
receive any privileges of their superiors, but 
superiors receive all the privileges of their 
subordinates. 
• Sharing between public groups results in 
symmetric privileges.
4 Types of Sharing Reasons 
• Manual – shared by owner with other users or 
groups. Level of access controlled by owner. 
• Sharing Rules – based on group membership or 
criteria based like roles. 
• Procedural – created programmatically in Apex 
code. 
• Delegated Administration - Profiles with special 
object permission category called Data 
Administration (View All and Modify All 
permissions). Users with this profile are exempt 
from all sharing rules.
How to implement Security Model 
1. Create profiles based on responsibilities. 
2. Configure field accessibility in the profiles. 
3. Set org-wide defaults on each custom object. 
4. Establish role hierarchy. 
5. Add Sharing Rules that override org-wide 
defaults.
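
The checks from the slides combined into one decision function, as a simplified Python model added here (not Salesforce's implementation and not the author's code). The class names, the sample org, and ranking Required equal to Editable are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Field accessibility values from the slides, ranked by restrictiveness.
# Assumption: Required and Editable rank equally, since both allow writes.
FIELD_RANK = {"Required": 0, "Editable": 0, "Read-Only": 1, "Hidden": 2}

def effective_field_access(profile_setting, layout_setting):
    """Return the more restrictive of the profile and page-layout settings."""
    return max(layout_setting, profile_setting, key=FIELD_RANK.__getitem__)

@dataclass
class Profile:
    object_perms: dict                  # object name -> set of permission names
    view_all_data: bool = False
    modify_all_data: bool = False

@dataclass
class User:
    name: str
    profile: Profile
    role: str
    groups: set = field(default_factory=set)    # public group names

@dataclass
class Record:
    obj: str
    owner: User
    shares: list = field(default_factory=list)  # (role or public group, "read"|"edit")

def outranks(senior, junior, role_parent):
    """True if `senior` sits above `junior` in the single role hierarchy."""
    role = role_parent.get(junior)
    while role is not None:
        if role == senior:
            return True
        role = role_parent.get(role)
    return False

def can_access(user, record, action, owd, role_parent):
    """Decide "read" or "edit" on one record, in the order the slides give."""
    perms = user.profile.object_perms.get(record.obj, set())
    # Administrative permissions override every other measure.
    if user.profile.modify_all_data or "Modify All" in perms:
        return True
    if action == "read" and (user.profile.view_all_data or "View All" in perms):
        return True
    # Object level: record-level sharing cannot override a missing permission.
    if ("Read" if action == "read" else "Edit") not in perms:
        return False
    # Record ownership, inherited upward through the role hierarchy.
    if user.name == record.owner.name or outranks(user.role, record.owner.role, role_parent):
        return True
    # Org-wide default for the object.
    default = owd[record.obj]
    if default == "Public Read-Write" or (default == "Public Read-Only" and action == "read"):
        return True
    # Sharing reasons: role grants also reach superiors, group grants reach members only.
    for grantee, level in record.shares:
        covered = (grantee in user.groups or grantee == user.role
                   or outranks(user.role, grantee, role_parent))
        if covered and (action == "read" or level == "edit"):
            return True
    return False

# Constructed sample org (all names hypothetical).
ROLE_PARENT = {"Rep": "Manager", "Manager": "VP"}
OWD = {"Invoice__c": "Private"}
STANDARD = Profile({"Invoice__c": {"Read", "Create", "Edit"}})
AUDIT = Profile({"Invoice__c": {"Read", "View All"}})
NO_ACCESS = Profile({})

rep_a = User("rep_a", STANDARD, "Rep")
rep_b = User("rep_b", STANDARD, "Rep")
manager = User("manager", STANDARD, "Manager")
auditor = User("auditor", AUDIT, "Rep")
clerk = User("clerk", STANDARD, "Rep", {"Finance"})
intern = User("intern", NO_ACCESS, "Rep", {"Finance"})
invoice = Record("Invoice__c", rep_a, [("Finance", "read")])
```

In the sample org, `intern` is in the Finance group that the invoice is shared with but is still denied, because the profile grants no Read permission on the object.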
