Salesforce has a unique way of handling the sharing and security with respect to data.
Salesforce has a couple of entities to take care of object-level security and Field level security.
- Permission Sets
It has for 3 to 4 entities to take care of Record level security.
- Organisation Wide Defaults
- Role Hierarchies
- Sharing Rules with Public Groups
- Manual Sharing
Let me walk you through each of them.
Organisation Wide Defaults - Here we restrict access to the data by providing the most restrictive permissions.
In OWD we have three different permissions.
- Public Read Write - Everyone can see the data and edit it
- Public Read Only - Everyone can see the data but not edit it
- Private - When a user creates a record only he can see it
Profiles - Using profiles we control then Object and Field Level Security. Profiles do a lot of other things on top of it.
Role Hierarchies - Using this option when a user creates a record his manager and his manager (top the pyramid) will be able to see the record and access it.
Sharing Rules w/ Public Groups - When we want to share records with a group of users when we will create a Public Group and we will write a sharing rule on top of it.
Manual Sharing - If it’s a one-off case we can use manual sharing and we can share records too.
Permission Sets - This entity is used to increase the permissions and not reduce them. User X has a few permissions if you want to increase the permissions on top of existing permissions then we will use Permission Sets. It is used to perform the same thing that Profiles(provide object level and field-level security) do but on the user level.
Hope this is helpful!