Your Organization's sharing model sets the default access that users have to each other's data. The four sharing models are:
2. Public Read Only
3. Public Read / Write
4. Public Read / Write / Transfer
Only the record owner, and users above that role in the Hierarchy, can view, edit, and report on those records.
Example: If Tom is the owner of an account, and he is assigned to the role of Regional Manager, reporting to Carol (who is in the role of Vice President), then Carol can also view, edit, and report on Tom's accounts.
Public Read Only
All users can view and report on records but not edit them. Only the owner, and users above that role in the hierarchy, can edit those records.
Example: Sara is the owner of an Account called ABC Corp. Sara is also in the role Regional Manager, reporting to Carol, who is in the role of Vice President. Sara and Carol have full read/write access to ABC Corp. Tom (another Regional Director) can also view and report on ABC Corp, but cannot edit it. This is because Tom is at the same level as Sara, not above her in the hierarchy.
All users can view, edit, and report on all records.
Example: If Tom is the owner of the Account Trident Inc., all other users can view, edit, and report on the Trident account. However, only Tom can alter the sharing settings or delete the Trident account.
All Users can view, edit, transfer, and report on all records (Only available for Cases or Leads).
Example: If Alice is the owner of the Account ACME case number 100, all other users can view, edit, transfer ownership, and report on that case. But only Alice can delete or change the sharing on case 100.
A profile defines a User's permission to perform different functions within Salesforce. Profiles also control the following:
- Which Page Layouts the User sees.
- The Field-Level Security access that the User has to view and edit specific fields.
- Which tabs the User can view.
- Which Record Types are available to the User.
- The hours and IP addresses from which the User can log in.
- Administrators and Users with the "Manage Users" permission, can create, edit, and delete Profiles.
Roles (User Roles)
Every user must be assigned to a role, or their data will not display in Opportunity reports, Forecast rollups, and other displays based on roles.
- All users that require visibility to the entire organization should be assigned the highest level in the hierarchy.
- It is not necessary to create individual roles for each title at your company, rather you want to define a hierarchy of roles to control access of information entered by users in lower level roles.
- When you change a user's role, any relevant sharing rules are reevaluated to add or remove access as necessary.
If your Organization uses Record Types, edit it to modify which picklist values are visible. You can also set default picklist values based upon the record type for various Business Units, or Record Uses.
This controls which fields appear in the layout, and their orientation on the page.
Field Level Security
Field-Level Security settings let System Administrators restrict the following:
- Access to view and edit specific fields on detail and edit pages.
- In related lists
- List views
- Offline Edition
- Search results
- Email and mail merge templates
- Custom Links
- When synchronizing data.
The fields that Users see on detail and edit pages are a combination of Page Layouts and Field-Level Security settings. The most restrictive field access settings of the two always apply.
Example: If a field is required in the Page Layout and 'read-only' in the Field-Level Security settings, the Field-Level Security overrides the Page Layout and the field will be 'read-only' for the User.