Review Authorization and Access Management

Learn about authorization and access management.

• Restrict User Email Domains Control
  Define an allowlist to restrict the email domains allowed in a user’s Email field, to make sure the domains used are trusted.
• User Sharing and Visibility Control
  To enforce the principle of least privilege, set the User object’s Organization-Wide Sharing Defaults to "Private" and turn on the "Require Permission to View Record Names in Lookup Fields" setting.
• Control Who Sees What
  Salesforce uses a layered security model where Object and Field Permissions define the baseline for data access (CRUD), while Administrative, User, and Custom Permissions grant specific functional capabilities and system-level authority.
• User Access Policies Control
  Salesforce User Access Policy is a security and administrative control that allows for the automated or manual management of user permissions and licenses based on predefined criteria.
• Permission Sets Control
  To enforce the principle of least privilege and simplify user management, Salesforce administrators should assign users the "Minimum Access" profile as a baseline.
• Permission Set Groups Control
  Manage Permission Set Group to make sure that user access is granted based on specific job functions (personas) and adheres to the principle of least privilege, minimizing "permission sprawl."
• Controlling Access Using the Role Hierarchy Control
  In the role hierarchy, users have access to records owned by or shared with users in roles below them. Roles within the hierarchy affect access to components, such as records and reports.
• Compliant Data Sharing Control
  This control enforces the immediate removal of user participant records within the Compliant Data Sharing (CDS) framework whenever a user is deactivated or transitions to a role no longer requiring access.