Salesforce Developer Security Authorization
// Salesforce - Developer - Security - Authorization: Authorization dictates what a user is permitted to access. On the Salesforce platform, administrators can define an authorization model to enforce their businesses data access requirements. There are several key features built into the platform that will help us accomplish this: 1. Profiles 2. Sharing Rules 3. Permission Sets Guiding Principle: 1. Least Privilege Definition: A person should only have access to the minimum amount of information required to accomplish their duties ensuring that their ability to take advantage of excess privilege purposefully or accidentally is minimzed. Configuring the authorization model such that every user can do their job, but no more. On the Salesforce platform, profile is a standard object that contains user permissions and access controls. Every user record is linked to a profile. Profiles control: 1. Which apps and tabs a user can see 2. What object permissions a user has 3. Which fields within objects a user can view 4. Which Apex classes and Visualforce pages users can access 5. Permitted login hours and IP addresses The primary component of authorization that exists outside of the profile is record visibility, which is controlled by sharing. Sharing in Salesforce consides of several components: 1. User role 2. Sharing rules 3. Organization wide defaults CRUD, Sharing, and FLS can be confusing concepts to keep clear. Our favorite analogy for keeping it all straight is an excel spreadsheet. 1. CRUD dictates which tabs, or objects you can read / edit / delete. 2. FLS (Field-level security) dictates which columns, or fields you can read / edit / delete. 3. Sharing dictates which rows, or records, in the spreadsheet are visible.
page revision: 0, last edited: 01 Jan 2017 23:33