The Salesforce Security model is both flexible and robust, but grasping the mechanics can sometimes be challenging for new learners. Read on for a list of five key concepts that will get you up and running with Salesforce Security in no time!
As a Salesforce Certified Administrator and Principal Instructor, I teach a lot of security-related classes, including the Essentials for New Lightning Experience Administrators class. Salesforce Security is one of my favorite things to teach, but I know it can be challenging to learn.
I want to make sure my classes are interesting and fun as well as educational, so I spend a lot of my time thinking of ways to break down complex information into manageable chunks that Trailblazers can easily grasp.
Click the top right of the video for the playlist. Security is second on the list!
Now, read on for a quick rundown of the five key security concepts you need to know inside out.
Security is key—literally and figuratively!
The Salesforce Security model is incredibly flexible, but sometimes all the options available in the model can make it a bit challenging to understand. When it comes to the super-customizable world of Salesforce Security, even I found some of the concepts to be a bit tricky at the outset.
But they’re also core concepts you must understand if you’re trying to become a Salesforce Certified Administrator. Configuration and Setup, which includes Security-related questions, make up 20% of the exam, so it’s important to make sure you’ve really got a handle on Security as you get prepped for your certification.
Security of client data is at the forefront of what we do as administrators. Clients trust us to keep their information safe and limit data access so that it’s only available to those who really need it when they really need it. The basics of data security involve the principle of “least privilege,” which means that users only have access to the core information they need to do their job.
There are five key security-related concepts you need to learn:
As you begin studying Security, you’ll hear a lot about profiles. A user’s profile is instrumental in determining what a user can see or do in Salesforce. Are there groups of users with similar job functions who need access to the same sets of data? For instance, sales teams who need to access opportunities or service reps who need to access cases?
A profile will help you classify those access requirements to various types of users. Do you need to restrict the hours in which some users are able to log in? Want to restrict the IP range for Salesforce access? Need to make sure some users can access one object, like an Account object, but not a field that stores a credit card number? Setting up a profile can handle all of those requests by using Login Hours, Login IP Ranges, and Field Level Security.
2. Permission sets
A permission set is an additive permission on top of a profile. Permission sets can range from none to 10 or more.
If everyone on your sales team has a certain profile, but one salesperson needs access to a specific object, a permission set is the answer. The permission set is like the word “and.” So, in this case, you’d give the salesperson permissions for the Sales profile and the additional information. We can even assign a group of permissions to someone, with permission set groups!
3. Organization-wide defaults
Organization-wide defaults (OWDs) may sound complicated, but they’re not really. OWDs help to show your data model.
There are three data models: private, public, and hybrid. A public data model means that all data is open to everyone. Private means that all information is locked down at the outset, and then opened up only to the people who need it. The hybrid data model sits between these two. The way you configure your OWDs affects the rest of your Security settings.
4. Role hierarchies
A role hierarchy addresses the ability to access records. So, a certain profile may have access to an object like Contacts, but that doesn’t mean it allows access to all Contacts.
Using a sales analogy: If you’re a salesperson with a company that has 1,000 contacts, you may only be able to access the 200 assigned to you. A role hierarchy then offers the opportunity to “roll up” access to records on objects. So, a sales manager–placed in a hierarchy above the sales representatives—will have access to all of their own records plus the records of the representatives below them in the hierarchy.
5. Sharing rules
So the role hierarchy is all about rolling access up, but what if you want a different configuration and need to share information horizontally? Perhaps you have two sales reps who focus on different markets—let’s say one covers Boston businesses and the other covers Los Angeles businesses. But what if a business has an office in each of those cities?
In that case, it would be a huge benefit for each sales rep to have access to any other deals coming down the pipeline that might impact theirs. Setting up a sharing rule will allow both of these reps to share records with each other and have access to the information they need, even outside of their assigned market.
Taking security further
So those are the basics of Salesforce Security, but there’s still a lot to learn. Here are some of the ways you can take these security theories and put them into practice.
I’m known as the rapping Salesforce instructor, so allow me to… break it down!
1. Hit the Protect Your Salesforce Data trail
Head to Trailhead, Salesforce’s free online learning platform, and take this trail to gain insight about how data security functions, and then get into more detail about each of the topics listed above. There are also modules covering identity basics, user authentication, and Salesforce mobile app security and compliance.
2. Check out the “Who Sees What” series
I’ve gone back to watch this series multiple times. Each time you think you’ve grasped every concept, you’ll find there’s more to learn. And part of that learning is time and repetition, so these videos are a great resource.
3. It’s superbadge time
Ready to apply all of your hard-earned knowledge? It’s one thing to study and memorize the core concepts, but now you need to prove that you can apply that knowledge on your feet, in a real-world scenario. The Security Specialist superbadge challenges you to do just that—and when you’ve achieved it, you’ll have SUPER bragging rights!
4. Stay classy
Okay, as an instructor I might be a bit biased, but the Essentials for New Lightning Experience Administrators class is really perfect for aspiring admins. There are a lot of core topics covered in this 5-day class, but a big chunk of it is designed to help you lock down Security.
You already have the core knowledge, and your course instructor will be able to help you fill in any knowledge gaps you may not have been able to cover on your own.
Earning an Administrator credential proves to the world that you have what it takes to be a Certified Admin, including all of the core Security competencies. Getting certified doesn’t mean you’re at the end of your learning journey, but it does mean you’re well on your way.
Be patient with yourself
All of us struggle to make sense of some of these concepts–they’re not all easy! When I was struggling, a colleague gave me some of the best advice I’ve ever received, and I’ll pay it forward now: Be patient with yourself. Things worth knowing can’t be learned in an instant—you need time. Don’t give up if you struggle with a certain concept. Take some time, step away, review, and, eventually, it will click for you.
I really love teaching the core concepts of Salesforce Security, and I also know it can be a tough subject. But, like anything worth achieving, it’s the things that take the most effort that are often the source of our greatest sense of accomplishment. Study the concepts above, give Security its PROPS, and you’re sure to become a security pro in no time.