The document discusses security and access levels in Salesforce. It describes how access is determined by organization security, profiles, object permissions, record permissions, field permissions, folder permissions, roles, and permission sets. Record access is further defined by the sharing model, which is influenced by with or without sharing classes, __Share records, and the UserRecordAccess service. The sharing model also considers licensing, relationships like master-detail, and emulating with sharing classes in without sharing classes.

1. www.vrpinc.
com
Management of Access Level
&
Sharing Model
Goshko Dmitry
Haritonovich Igor

2. www.vrpinc.
com
Security Overview in Salesforce.
Access to data and functionality is primary comprised of
the following:
•Organization Security
•Object Security
•Record Security
•Field Security
•Folder Security

3. www.vrpinc.
com
Organization Security.
Org-level permissions determines under what conditions
a user can login to Salesforce:
•When users can login (Login Hours)
•Where users can login from (Login IP ranges)
•How users can login (API, UI, ect.)

4. www.vrpinc.
com
Profiles.
A profile is a collection of permissions and settings that
is instrumental in determining a user’s functional access,
how information is displayed to the user, and a wide
range of other permissions.

5. www.vrpinc.
com
Object Security.
Object-level permissions determines what actions
(CRUD) a user can perform on records of each object.

6. www.vrpinc.
com
Record Security.
There are 3 tiers of record-level permissions:
•Read Only
•Read/Write
•Full Access

7. www.vrpinc.
com
Field-Level Sequrity.
Field-level permissions determines which fields a user
can view and edit on record:
•Visible
•Read-Only
The combination of settings:

8. www.vrpinc.
com
Folder Security.
Folders are used to secure a variety of data within
Salesforce, including but not limited to:
•Report
•Dashboards
•Email Templates
•Documents

9. www.vrpinc.
com
Roles.
The role hierarchy provides a framework to structure access to
record and folders in your organization.

10. www.vrpinc.
com
Permission Sets.
Permission sets are optionally assigned to a user to grant them
privileges in addition to their profile.
•Permission sets can only grant (not revoke) privileges.
•Permission sets are optional, and a user can be assigned
more than 1 permission set (a user is assigned zero to many
permission sets).
•The profile controls some elements (e.g. page layout
assignment) that a permission set cannot influence.

11. www.vrpinc.
com
Sharing Model in Salesforce.
- Различия между with sharing и without sharing классами.
- Влияние __Share на UserRecordAccess.
- UserRecordAccess как сервисный слой доступ к записям.
- Sharing и лицензии Salesforce.
- Primary и secondary Master-Detail и Sharing.
- Эмуляция with sharing класса , в without sharing.
- Создание и редактирование Share записей.

12. www.vrpinc.
com
Sharing Model in Salesforce.

13. www.vrpinc.
com
Sharing Model in Salesforce.

14. www.vrpinc.
com
Sharing Model in Salesforce.

15. www.vrpinc.
com
Sharing Model in Salesforce.

16. www.vrpinc.
com
Thank you for
your attention