Object Level Security Model in Salesforce

by Rijwan Mohmmed

Greetings everyone, today’s topic of discussion is the Object Level Security Model in Salesforce. It’s the foundation of data protection in Salesforce, determining who can access what objects and their records. This robust model ensures your data remains confidential and compliant.

Using Object-level security we can prevent a user from viewing, creating, editing, or deleting any instance of a particular object type. We can specify object permissions in permission sets and profiles. Permission sets and profiles are collections of settings and permissions that determine what a user can do in the application.

Also, check this: Apex Trigger Best Practices in Salesforce

Key Highlights :

  1. Data Integrity: Maintain data accuracy and consistency across the organization.
  2. Compliance: Adhere to industry standards and regulations by controlling data access.
  3. Confidentiality: Safeguard sensitive information, allowing only authorized users to view and manipulate records.
  4. Profiles: Define which objects users can access and their level of access.
  5. Permission Sets: Fine-tune access for specific users, extending their privileges without changing their profile.
  6. Sharing Settings: For objects with private sharing, decide how users can share records with each other.
  7. Roles and Hierarchy: Determine visibility and data access based on user roles within your organization.

Unveiling a Secure Salesforce:

By grasping the intricacies of the Object-Level Security Model, you’re contributing to a robust data security architecture. Your understanding safeguards your organization’s most valuable asset: its data.


Object Level Security Model consists of 2 types.

  • Profile
  • Permission sets.

Profile :

A profile is a group/collection of settings and permissions that define what a user can do in Salesforce. A profile controls “Object permissions, Field permissions, User permissions, Tab settings, App settings, Apex class access, Visualforce page access, Page layouts, Record Types, Login hours & Login IP ranges”.

Profile can be assigned to many users, but a user can be assigned a single profile at a time.

Types of profiles in Salesforce

Standard profiles:

 By default, Salesforce provides below-standard profiles. We cannot delete standard ones.

Standard Profiles available in Salesforce are

  • Read Only
  • Standard User
  • Marketing User
  • Contract Manager
  • Solution Manager
  • System Administrator

Each of these standard ones includes a default set of permissions for all of the standard objects available on the platform.

Custom Profiles:

Custom ones defined by us. They can be deleted if there are no users assigned to that particular one.

Permission sets :

The permission set is also very similar to the profile. Whatever you can manage at profiles (Like Object permissions, Field Permissions, User permissions, Tab settings, App settings, Apex class permission, visualforce permission, the same you can manage here also. But the main difference between these two is that users can have only one profile and can have multiple permission sets at a time.

So we can define profiles to grant minimum permissions and settings that every type of user needs, and then we can use permission sets to grant additional access.

Reference :

  1. Salesforce Security
What’s your Reaction?

You may also like

Leave a Comment