Loading
Secure Your Salesforce Org
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Manage User Access

            You are here:

            1. Salesforce Help
            2. Docs
            3. Secure Your Salesforce Org

            Manage User Access

            Salesforce provides a layered approach to user access so that you can control what data users can see and what tasks they can perform.

            Required Editions

            Available in: both Salesforce Classic and Lightning Experience
            The available user and data management options vary according to which Salesforce edition you have.
            Note
            Note Salesforce includes multiple levels of access control, so we detail the steps in a separate guide. For detailed information and instructions, see Manage Users and Data Access.

            Users and Licenses

            Every Salesforce user is uniquely identified by a username, password, and profile. Before a user can log in, you assign them a user license that determines which features and objects are available to them. You can also assign permission set licenses to users to entitle them to additional features.

            Object, Field, and User Permissions

            Object permissions control whether a user can create, read, edit, or delete records of a particular object type. Field permissions control whether a user can read or edit the value of a particular field. User permissions specify what tasks users can perform and what features they can access, such as viewing setup pages or accessing the API. Together, these permissions make up the baseline layer of data access control in Salesforce.

            You configure permissions in profiles, permission sets, and permission set groups.

            • Profiles define default settings for a user, including assigned apps, record types, and page layouts. Every user has exactly one profile.
            • Permission sets grant permissions and access settings without changing a user’s profile. You can assign multiple permission sets to a single user, which makes it easier to give users the exact access they need without creating a separate profile for every combination.
            • Permission set groups bundle multiple permission sets so that you can assign them as a unit for easier management.

            Salesforce recommends that you use permission sets and permission sets to manage your users’ permissions and access. You can configure permissions in profiles, but it’s recommended to use profiles for default settings.

            Sharing and Record Access

            Sharing settings determine which individual records a user can see and edit, building on the object permissions that you first configured. You set up record-level access using several features.

            • Org-wide defaults set the baseline level of access to records. Set org-wide defaults to the most restrictive level that any user requires, then use other sharing features to open up access where needed.
            • The role hierarchy gives users access to records owned by or shared with users below them in the hierarchy. This feature simplifies collaboration by providing managers with visibility into their reports’ data.
            • Sharing rules extend record access to groups of users based on record ownership or other criteria.
            • Manual sharing lets record owners share individual records with specific users or groups when sharing rules or other features don’t cover the need.
             
            Loading
            Salesforce Help | Article