Loading
Manage Users and Data Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Comparing Security Models

            You are here:

            1. Salesforce Help
            2. Docs
            3. Manage Users and Data Access

            Comparing Security Models

            To manage your users’ access to data, you can configure sharing settings, permissions, and other features.

            Required Editions

            Available in: Salesforce Classic
            Available in: Enterprise, Performance, Unlimited, Developer, and Database.com Editions

            Salesforce user security is an intersection of sharing, and user and object permissions. In some cases, such as in end-user record level access, it is advantageous to use sharing to provide access to records. In other cases, such as when delegating record administration tasks like transferring records, cleansing data, deduplicating records, mass deleting records, and delegating workflow approval processes, it is advantageous to override sharing and use permissions to provide access to records.

            The “Read,” “Create,” “Edit,” and “Delete” permissions respect sharing settings, which control access to data at the record level. The “View All Records” and “Modify All Records” permissions override sharing settings for specific objects. Additionally, the “View All Data” and “Modify All Data” permissions override sharing settings for all objects.

            The following table describes the differences between the security models.

              Permissions that Respect Sharing Permissions that Override Sharing
            Target audience End-users Delegated data administrators
            Where managed

            “Read,” “Create,” “Edit,” and “Delete” object permissions;

            Sharing settings

            		 “View All Records” and “Modify All Records”
            Record access levels Private, Read-Only, Read/Write, Read/Write/Transfer/Full Access “View All Records” and “Modify All Records”
            Ability to transfer Respects sharing settings, which vary by object Available on all objects with “Modify All Records”
            Ability to approve records, or edit and unlock records in an approval process None Available on all objects with “Modify All Records”
            Ability to report on all records Available with a sharing rule that states: the records owned by the public group “Entire Organization” are shared with a specified group, with Read-Only access Available on all objects with “View All Records”
            Object support Available on all objects except products, documents, solutions, ideas, notes, and attachments

            Available on most objects via object permissions.

            View All Records and Modify All Records are not available for ideas, price books, article types, and products.
            Group access levels determined by Roles, Roles and Subordinates, Roles and Internal Subordinates, Roles, Internal and Portal Subordinates, Queues, Teams, and Public Groups Profile or permission sets
            Private record access Not available Available on private contacts, opportunities, and notes and attachments with “View All Records” and “Modify All Records”
            Ability to manually share records Available to the record owner and any user above the record owner in the role hierarchy Available on all objects with “Modify All Records”
            Ability to manage all case comments Not available Available with “Modify All Records” on cases
             
            Loading
            Salesforce Help | Article