Solutions DeliveredSolutions Delivered SkillsSkills ArticlesArticles AboutAbout ContactContact
Download Resume

Guide to the Salesforce Security Model

Published on: June 16, 2025

Salesforce employs a sophisticated, layered security model designed to give organizations precise control over their data. This model ensures that users can access the information they need to perform their jobs, while simultaneously protecting sensitive data from unauthorized access. Understanding these layers—from broad organization-wide settings down to specific field-level permissions—is crucial for any Salesforce administrator. This guide breaks down the four critical layers of Salesforce security: Organization-Wide Defaults, Role Hierarchy, Sharing Rules, and Field-Level Security.

1. Organization-Level Security

The broadest layer of security involves settings that apply to the entire organization. These are the first line of defense, establishing baseline access parameters for all users. Key aspects of organization-level security include:

  • Password Policies: Administrators can enforce specific requirements for user passwords, such as length, complexity, and expiration periods.

  • Login IP Ranges: Access to the Salesforce org can be restricted to a specific range of IP addresses, preventing users from logging in from unsecured or unauthorized locations.

  • Login Hours: You can define the specific hours during which users are permitted to log in, further securing the environment outside of normal business operations.

2. Object-Level Security

Managed through Profiles and Permission Sets, object-level security determines a user's ability to interact with different types of objects. It dictates whether a user can view, create, read, edit, or delete records of a particular object, such as an Account, Contact, or a custom object.

These permissions, often referred to as CRED permissions, are foundational. This layer acts as a gatekeeper, granting or denying access to entire categories of data.

For instance, to edit a record, a user must have both Read and Edit access. Similarly, to delete a record, a user requires Read, Edit, and Delete permissions.

Profiles and Permission Sets

Salesforce uses both profiles and permission sets to manage user permissions.

  • Profiles are mandatory for every user and establish a baseline of access. A user can only be assigned one profile. A profile controls various settings, including object and field-level security, page layout assignments, tab visibility, and administrative permissions.

  • Permission Sets are used to grant additional permissions to users beyond what their profile allows, without requiring a separate license. They are ideal for use cases where a specific set of users needs extra capabilities that don't apply to everyone with the same profile. A single user can be assigned many permission sets.

3. Record-Level Security

While object-level security controls access to the object itself, record-level security determines which individual records a user can see and interact with. This layer is governed by a combination of Organization-Wide Defaults, Role Hierarchy, and Sharing Rules.

  • Organization-Wide Defaults (OWD): OWD settings are the foundation of record-level security, defining the default level of access users have to records they do not own. The primary settings are:

  • Private: Only the record owner and users higher in the Role Hierarchy can access the record.

  • Public Read Only: All users can view the record, but only the owner and those higher in the hierarchy can edit it.

  • Public Read & Write: All users can view and edit the record.

  • Controlled by Parent: In a Master-Detail relationship, the child record inherits its sharing and security settings from its parent record.

  • Role Hierarchy: The Role Hierarchy provides vertical access to records. It ensures that users in higher-level roles (like managers) can view and edit the records owned by users in roles directly below them in the hierarchy.

  • Sharing Rules: When OWD settings are restrictive (e.g., Private or Public Read Only), Sharing Rules can be used to grant broader, horizontal access to specific groups of users. There are two main types of sharing rules:

  • Owner-Based: These rules share records owned by specific users or roles with other users or roles.

  • Criteria-Based: These rules automatically share records that meet a defined set of criteria.

4. Field-Level Security

The most granular layer of the Salesforce security model is Field-Level Security (FLS). It allows administrators to restrict user access to specific fields within an object, even if the user has access to the record itself. FLS is also controlled through profiles and permission sets.

For any given field, a user's profile can grant:

  • Read & Write Access: The user can see and modify the field's value.

  • Read-Only Access: The user can see the field's value but cannot change it.Note: Certain administrative permissions, like View All Data and Modify All Data, can sometimes override these settings.

  • Hidden Access: The field is not visible to the user at all.

By leveraging these four layers, organizations can create a robust and flexible security framework that protects their data while empowering users to succeed.