Data security is an essential part of Salesforce. In Salesforce, data security does not mean protecting the data from outsiders or data thefts. Salesforce takes care of protecting the data against outside thefts and viruses. Data security in Salesforce refers to the security of data or data access among internal users of the Salesforce database. It is the role and responsibility of a Salesforce admin to maintain internal data security and grant the right access to the right user. Companies offering Salesforce implementation services are aware of data security, and they also ensure that the rules are followed correctly.
What is Data Security in Salesforce?
Data security in Salesforce refers to the management of data within Salesforce org for all users of the Salesforce org. It refers to granting access to the right set of data to the right users.
For example, a business may have different users like finance executives, sales executives, and HR executives. By default, Salesforce does not restrict any user from viewing or editing the data of any other user. However, the business would not want HR executives to view or edit financial transaction data or Sales executives to view or edit recruitment data. The business also has CEOs who have access to all data and VPs and senior executives who have access to different data.
Data security in Salesforce helps the business specify the view, edit, create, or delete access to users. It has layered security features that allow the business to grant different access to different users based on their role in the business organization.
Types of Data Security
Salesforce consists of three data concepts- Objects, fields, and records. Hence, it divides security into three types.
- Object-level security
Object-level security defines whether a user has access to view, create, edit, or delete objects in Salesforce. It is managed through configuring profiles and permission sets which we will discuss in further articles/videos.
- Field-level Security
Field-level security defines whether a user has access to view, create, edit, or delete fields of the objects in Salesforce. It is configured using permission sets and permission set groups.
- Record-level security
Record-level security defines whether a user has access to view, create, edit, or delete records in Salesforce. It can be configured in different ways like- Organisation-wide Defaults, Role Hierarchy, Sharing Rules, and Manual Sharing.
Let us discuss Organisation-Wide Defaults in detail.
What are Organisation-Wide Defaults?
Organisation-wide defaults (OWD) are the sharing settings that define the baseline level of access granted to the most restricted user of the Salesforce database. In simple terms, OWDs can lock down the entire data and allow a user to create, view, edit, and delete only the records he owns.
Salesforce admin is responsible for granting the right access to the right users. He can view, create, edit, and delete all the data and sharing settings in Salesforce.
Let us understand and implement OWDs with examples.
Assume a business has four sales executives- Rajesh, Rishik, John, and Alex. By default, all four sales executives will have access to the lead data of the other three executives. It can lead to one executive stealing another’s lead or changing lead details.
To avoid this, the business can use OWD and restrict the view, edit, create, and delete access to executives who are not the owners of the leads.
How to configure OWD in Salesforce?
Let us configure OWD settings for lead data in Salesforce.
- Go to Setup.
- Search for sharing settings in Quick Find. Click on Sharing settings.
You will be able to see all the sharing settings across the organization. In the OWDs, you can see settings for each object present in Salesforce.
- Click on the edit button in the Organization-Wide Defaults.
- Change the Default internal access for the lead object
You can choose from four options
Private- Only the owner of the lead will be able to view, edit, create and delete the lead record.
Public read-only– all the users can view the lead records of other users.
Public read/write– all the users can view, create, edit, and delete the lead records of other users.
Public read/write/transfer- all the users can view, create, edit, delete, and transfer ownership of the lead records of other users.
We will change the default internal access to private for the lead object.
- Salesforce takes time to execute sharing settings. Once the sharing settings are changed, the admin is notified through email.
In summary, organizational-wide defaults are the foundational principles, practices, and values that underpin a company’s culture and operations. They shape how employees work together, make decisions, and interact with customers, ultimately influencing the organization’s efficiency, risk management, and ability to adapt to changing circumstances. If you are looking for a company that works on data security and offers Salesforce implementation services. By fostering consistency, aligning with strategic goals, and promoting ethical conduct, these defaults play a crucial role in defining a business’s success and sustainability in a competitive and dynamic business environment.
