Salesforce Data Security Model – A Step-by-Step Guide

Leave a Comment / Blog / By

🔐 Salesforce Data Security Model – A Step-by-Step Guide 

 

Salesforce is a powerhouse CRM trusted by thousands of companies—but with great power comes great responsibility. Protecting your org’s data is crucial, especially in industries dealing with sensitive customer information. Thankfully, Salesforce offers a layered Data Security Model to control access and visibility at every level. 

In this blog, we’ll walk through the Salesforce security architecture step by step to help you implement secure and scalable access controls in your org. 

 

What Is the Security Model in Salesforce? 

 

The Salesforce Security Model determines: 

  • Who can see what (visibility), 
  • Who can do what (permissions), 
  • And how data is shared across users. 

It ensures that each user interacts only with the data relevant to their role, while sensitive information stays protected and compliant with standards like HIPAA, GDPR, etc. 

📌 Why Is Security Important? 

Security in Salesforce ensures that: 

  • Sensitive data is protected from unauthorized access. 
  • Users only see and interact with data relevant to their role. 
  • Compliance standards are met (HIPAA, GDPR, etc.). 

 

 

🧱 Types of Security in Salesforce 

 

Salesforce uses a multi-layered security model, organized into the following key components: 

 

1️ Organization-Level Security 

 

Controls who can log in and when. 

  • IP Ranges – Restrict login access to certain IP addresses. 
  • Login Hours – Limit logins to specific time windows. 
  • MFA (Multi-Factor Authentication) – Add an extra layer of protection. 
  • Session Timeout – Auto-log out users after inactivity. 

🔒 Goal: Prevent unauthorized access into your org entirely. 

 

2️ Object-Level Security 

 

Controls access to entire objects (e.g., Account, Opportunity). 

  • Profiles – Assign baseline object permissions (CRUD). 
  • Permission Sets – Grant additional access without changing profiles. 

📘 Example: A sales rep can Read Opportunities but not Delete them. 

 

3️ Field-Level Security (FLS) 

 

Controls visibility/editability of specific fields on an object. 

  • Defined in Profiles and Permission Sets. 
  • Prevents users from seeing sensitive fields even if they have access to the object. 

📘 Example: Hide SSN field from regular users. 

 

4️ Record-Level Security 

 

Controls access to individual records within an object. Managed through: 

 

🔹 a. Organization-Wide Defaults (OWD) 

  • Sets baseline access (Private, Public Read Only, Public Read/Write). 

 

🔹 b. Role Hierarchies 

  • Allows users higher in the org to access subordinates’ records. 
  • Can be disabled for custom objects if needed. 

 

🔹 c. Sharing Rules 

  • Auto-share records based on criteria or ownership. 
  • Types: Owner-based, Criteria-based (Read-Only or Read/Write). 

 

🔹 d. Manual Sharing 

  • Record owners manually share with specific users or roles. 
  • Limited to users with full record access. 

 

🔹 e. Apex Managed Sharing 

  • Custom logic in Apex to programmatically share records. 
  • Ideal for complex, dynamic scenarios. 

 

🔹 f. Teams (Account, Opportunity, Case) 

  • Define members with specific roles and access (e.g., Read, Read/Write). 

 

🔹 g. Territory Management 

  • Assign access based on geographic or strategic regions. 
  • Enables overlapping access and team selling. 

 

 

🛠️ Admin Tools for Monitoring Security 

 

🔍 Setup Audit Trail 

Tracks recent admin changes to setup/configuration. Helpful for compliance. 

📍 Setup → Security Controls → View Setup Audit Trail 

  • View last 20 changes online. 
  • Download full setup history (past 180 days). 

 

🔍 Login History 

Monitors all login attempts—successful or failed. 

📍 Setup → Manage Users → Login History 

  • Download up to 6 months of login logs. 
  • Formats: CSV or compressed GZIP. 

 

🚀 Best Practices 

 

  • Use Permission Sets instead of creating multiple profiles. 
  • Keep OWD as Private for sensitive data; open access via sharing. 
  • Regularly audit user access and review sharing settings. 
  • Document your security architecture for team clarity and audits. 

 

🔚 Final Thoughts 

 

Salesforce’s security model gives you granular control over data access. By carefully planning org-wide defaults, sharing strategies, and field visibility, you create a secure yet collaborative environment. 

🔐 Remember: Security is not just a checkbox—it’s a strategy. 

 

Leave a Comment

Your email address will not be published. Required fields are marked *