What is a Junction Object?
A junction object is a custom object with two
master-detail relationships, and is the key to making a many-to-many
relationship.
What is the difference between Object-Level Security, Field-Level Security and Record-Level Security?
Object-Level Security
The bluntest way that we can control data is by
preventing a user from seeing, creating, editing, and/or deleting any instance
of a particular type of object, like a position or review. Object-level access allows us to hide whole
tabs and objects from particular users, so that they don't even know that type
of data exists. On the platform, we set
object-level access rules with object permissions on user profiles.
Field-Level Security
A variation on object-level access is
field-level access, in which a user can be prevented from seeing, editing,
and/or deleting the value for a particular field on an object. Field-level access allows us to hide sensitive
information like the maximum salary for a position or a candidate's social
security number without having to hide the whole object. On the platform, we set field-level access
rules with field-level security.
Record-Level Security
To control data with a little more finesse, we
can allow particular users to view an object, but then restrict the individual
object records that they're allowed to see.
For example, record-level access allows an interviewer like Melissa Lee
to see and edit her own reviews, without exposing the reviews of everyone else
on her team. On the platform, we
actually have four ways of setting record-level access rules:
• Organization-wide defaults allow us to specify
the baseline level of access that a user has in your organization. For example, we can make it so that any user
can see any record of a particular object to which their user profile gives
them access, but so that they'll need extra permissions to actually edit one.
• Role hierarchies allow us to make sure that a
manager will always have access to the same records as his or her subordinates.
• Sharing rules allow us to make automatic
exceptions to organization-wide defaults for particular groups of users.
• Manual sharing allows record owners to give
read and edit permissions to folks who might not have access to the record any
other way.
What are Organization-wide defaults?
Organization-wide defaults allow us to specify the baseline level of access that a user has in your organization. For example, we can make it so that any user can see any record of a particular object to which their user profile gives them access, but so that they'll need extra permissions to actually edit one. When dealing with record-level access settings, the first thing we need to do is to determine the organization-wide defaults (commonly called "org-wide defaults") for each object in our Recruiting app. Also called a sharing model, org-wide defaults specify the baseline level of access that the most restricted user should have.
What are Role Hierarchies?
Role hierarchies allow us to make sure that a
manager will always have access to the same records as his or her
subordinates. The first way that we can
share access to records is by defining a role hierarchy. Similar to an org chart, a role hierarchy
represents a level of data access that a user or group of users needs. Users
assigned to roles near the top of the hierarchy (normally the CEO, executives,
and other management) get to access the data of all the users who fall directly
below them in the hierarchy. The role hierarchy ensures that a manager will
always have access to the same data as his or her employees, regardless of the
org-wide default settings. Role
hierarchies also helpfully define groups of users who tend to need access to
the same types of records.
What are sharing rules?
Sharing rules allow us to make automatic
exceptions to organization-wide defaults for particular groups of users. The thing to
remember with sharing rules is that, like role hierarchies, we can use them
only to open up record access to more users.
Sharing rules and role hierarchies can never be stricter than our
org-wide default settings.
What is Manual Sharing?
Manual sharing allows record owners to give read
and edit permissions to folks who might not have access to the record any other
way.
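The layering described in the answers above, as an added example that is not part of the original page: a simplified Python model in which org-wide defaults set the baseline, the role hierarchy, sharing rules and manual shares can only widen it, and the profile's object permission caps the result. Every user name other than Melissa Lee, the record ids, the profile names and the three level names (`none`, `read`, `edit`) are constructed for illustration, and the role hierarchy is modeled user-to-user.

```python
from dataclasses import dataclass, field

LEVELS = ["none", "read", "edit"]          # simplified access levels, weakest first

@dataclass
class Org:
    owd: dict                               # object -> org-wide default for non-owners
    object_perms: dict                      # profile -> {object: strongest level allowed}
    manager_of: dict                        # user -> user directly above in the hierarchy
    sharing_rules: list = field(default_factory=list)   # (object, set_of_users, level)
    manual_shares: list = field(default_factory=list)   # (record_id, user, level)

def is_above(org, boss, user):
    """True if boss sits anywhere above user in the role hierarchy."""
    seen = set()
    while user in org.manager_of and user not in seen:
        seen.add(user)
        user = org.manager_of[user]
        if user == boss:
            return True
    return False

def record_access(org, user, profile, record):
    """Effective level on one record: sharing only widens, object permission caps."""
    obj, owner = record["object"], record["owner"]
    grants = [org.owd[obj]]                                 # baseline for everyone
    if user == owner or is_above(org, user, owner):
        grants.append("edit")                               # assumption: owner-level access
    grants += [lvl for o, users, lvl in org.sharing_rules if o == obj and user in users]
    grants += [lvl for rid, u, lvl in org.manual_shares if rid == record["id"] and u == user]
    widest = max(LEVELS.index(g) for g in grants)           # grants can never go below OWD
    cap = LEVELS.index(org.object_perms.get(profile, {}).get(obj, "none"))
    return LEVELS[min(widest, cap)]

# Constructed sample org: Review is private by default; only Melissa Lee is from the page.
ORG = Org(
    owd={"Review": "none"},
    object_perms={"Interviewer": {"Review": "edit"}, "Manager": {"Review": "edit"},
                  "Recruiter": {"Review": "read"}},
    manager_of={"melissa": "harry", "ben": "harry"},
    sharing_rules=[("Review", {"mario"}, "read")],
    manual_shares=[("R-2", "melissa", "read"), ("R-1", "sam", "edit")],
)
R1 = {"id": "R-1", "object": "Review", "owner": "melissa"}
R2 = {"id": "R-2", "object": "Review", "owner": "ben"}
R3 = {"id": "R-3", "object": "Review", "owner": "ben"}

if __name__ == "__main__":
    for who, profile in [("melissa", "Interviewer"), ("harry", "Manager"),
                         ("mario", "Recruiter"), ("sam", "Contractor")]:
        print(who, [record_access(ORG, who, profile, r) for r in (R1, R2, R3)])
```

The `sam` row is the case worth checking in an access review: a manual share exists on the record, but a profile with no object permission still yields no access.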
What are Profiles?
A profile is a collection of settings and
permissions that determine what a user can do in the platform, kind of like a
group in a Windows network, where all of the members of the group have the same
folder permissions and access to the same software. Profiles control:
• The objects the user can view, create, edit,
and delete
• The object fields the user can view and edit
(more on that later!)
• The tabs the user can view in the app
• The standard and custom apps the user can
access
• The page layouts a user sees
• The record types available to the user
• The hours during which the user can log in to
the app
• The IP addresses from which the user can log
in to the app
Profiles are typically defined by a user's job
function (for example, system administrator or sales representative), but you
can have profiles for anything that makes sense for your organization. A profile can be assigned to many users, but
a user can be assigned to only one profile at a time.
What are the differences between Roles and Profiles?