Salesforce Security Guide

Clouds with binary code floating aboveCloud with binary code floating above

No Results

Search Tips:

  • Please consider misspellings
  • Try different search keywords
Salesforce Security Guide
Salesforce Security Basics
Authenticate Users
Give Users Access to Data
Control Who Sees What
User Permissions
Permissions and Access Settings
Revoke Permissions and Access
Object Permissions
Custom Permissions
Profiles
Permission Sets
Create a User Role
Share Objects and Fields
Strengthen Your Data’s Security with Shield Platform Encryption
Audit and Monitor Your Organization’s Security
Real-Time Event Monitoring
Security Guidelines for Apex and Visualforce Development
API End-of-Life Policy
PDF

Permissions and Access Settings

User, object, and field permissions and access settings can be specified in profiles and permission sets. To use them effectively, understand the differences between profiles and permission sets.
Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience
The available permissions and settings vary according to which Salesforce edition you have.
Permission sets available in: Essentials, Contact Manager, Professional, Group, Enterprise, Performance, Unlimited, Developer, and Database.com Editions

Permissions and access settings specify what users can do within an organization:

  • Permissions determine a user's ability to access object records and perform certain tasks, such as viewing the Setup menu, permanently deleting records in the Recycle Bin, or resetting a user's password.
  • Access settings determine other functions, such as access to Apex classes, app visibility, and the hours when users can log in.

Every user is assigned only one profile, but can also have multiple permission sets. When setting up your users, use profiles to manage default settings, such as assigned apps, record types, page layouts. Then use permission sets to configure permissions and access settings.

This table shows the types of permissions and access settings that can be specified in profiles and permission sets and the recommended feature for managing them.

Permission or Setting Type In Profiles? In Permission Sets? Recommended Feature
Assigned apps Check icon indicating true Check icon indicating true Profiles for default assigned apps, permission sets for additional assignments
Tab settings Check icon indicating true Check icon indicating true Permission sets
Record type assignments Check icon indicating true Check icon indicating true Profiles for default record types, permission sets for additional assignments
Page layout assignments Check icon indicating true Profiles
Object permissions Check icon indicating true Check icon indicating true Permission sets
Field permissions Check icon indicating true Check icon indicating true Permission sets
User permissions (app and system) Check icon indicating true Check icon indicating true Permission sets
Custom permissions Check icon indicating true Check icon indicating true Permission sets
Apex class access Check icon indicating true Check icon indicating true Permission sets
Visualforce page access Check icon indicating true Check icon indicating true Permission sets
External data source access Check icon indicating true Check icon indicating true Permission sets
Connected app access Check icon indicating true Check icon indicating true Permission sets
Legacy SAML service provider access (not created via connected apps) Check icon indicating true Check icon indicating true Permission sets
Login hours Check icon indicating true Profiles
Login IP ranges Check icon indicating true Profiles