Object, Field, and Record Level Security

Examples

Here are some examples of the different levels of access that you can control.

• Object-Level Security (OLS): The Customer_Orders object is accessible to users in the Sales department who are assigned to the appropriate data space.
• Field-Level Security (FLS): Hide the Credit Card Number field for users outside the finance team.
• Record-Level Security (RLS): Show customer records from a specific region to a user, or display only the records they own by comparing data from the protected object with attributes of the logged-in user. All supported attributes are Salesforce IDs stored in 18-character format:
  • User ID – Unique ID of the logged-in user
  • Role ID – User’s Salesforce role
  • Org ID – User’s Salesforce organization
• RLS with Joins: Extends record-level security by allowing access rules to reference external mapping or lookup tables, enabling more dynamic and context-aware access conditions. For example, you can create a permit access policy to allow users to access opportunity records if those records are owned by them or by someone in their reporting chain, based on the manager hierarchy.
• RLS with Hierarchy: Allows you to set access rules based on reporting structures from Salesforce CRM, such as manager or role hierarchies. You can create a policy rule so that a manager automatically sees records owned by them and their team, while team members can view only their own records.