What is Data Security in Salesforce ?

Salesforce is built with security to protect your data and applications. You can also implement your own security scheme to reflect the structure and needs of your organization. However, protecting your data is a joint responsibility between you and Salesforce. The Salesforce security features enable you to empower your users to do their jobs safely and efficiently.

Data Security in Salesforce

Choosing the data set that every user or group of users can see is one of the key choices that impacts data security. You want to discover a stability among restricting access to records, thereby restricting risk of stolen or misused data, as opposed to the benefit of data access to your users.

What are different types of Data Security in Salesforce?

There are four types of data security in salesforce.

• Organization level security
• Object level security
• Field level security
• Record level security
  1. Organization-wide defaults
  2. Role hierarchies
  3. Sharing rules
  4. Manual sharing

What is Organization level security in Salesforce?

For your complete org, you could keep a list of legal users, set password policies, and restriction logins to certain hours and locations.

What is Object level security in Salesforce?

Access to object-level data is the only thing to control. By putting permissions on a specific type of object, you could prevent a set of users from creating, viewing, editing, or deleting any records of that object. You also can use profiles to control the objects that user can access and the permissions they’ve for every object. You also can use permission sets and permission set groups to increase access and permissions without editing users’ profiles.
For example, you could use object permissions to make sure that interviewers can view positions and job applications but not edit or delete them.

What is Field level security in Salesforce?

You can restrict access to certain fields, despite the fact that a user has access to the object.
For example, you could make the income field in a position object invisible to interviewers however visible to hiring managers and recruiters.

What is Record level security in Salesforce?

You can allow specific users to view an object, but then restrict the individual object records they may be allowed to see.
For example, an interviewer can see and edit her very own evaluations, however not the evaluations of different interviewers.

What are different types of Record level security in Salesforce?

There are four types of Record level security in salesforce.

• Organization-wide defaults
• Role hierarchies
• Sharing rules
• Manual sharing

What is Organization-wide defaults (OWD) in Salesforce?

Organization-wide defaults in salesforce specify the default level of access users need to each others’ records. You can use org-wide sharing settings to lock down your data to the maximum restrictive level, and then use the other record-level security and sharing tools to selectively give access to different users.

What is Role hierarchies in Salesforce?

Role hierarchies in salesforce provide access for users higher in the hierarchy to all data owned by users under them in the hierarchy. However, role hierarchies don’t need to match your organization chart exactly. Instead, every role in the hierarchy need to represent a level of data access that a user or group of users needs.

What is Sharing rules in Salesforce?

Sharing rules in salesforce are automated exceptions to organization-wide defaults for specific groups of users, so they can get to records they don’t own or can’t usually see. Sharing rules, like role hierarchies, are best used to present extra users access to records. They can’t be stricter than your organization-wide default settings.

What is Manual sharing in Salesforce?

Manual sharing in salesforce permits owners of particular records to share them with other users. Although manual sharing isn’t automatic like org-wide sharing settings, role hierarchies, or sharing rules, it could be beneficial in a few situations, such as when a recruiter going on holiday needs to temporarily assign ownership of a job application to someone else.

For more details refer to official link.

Difference Between Custom Settings and Custom Metadata Types