HELLO Salesforce Thinkers, In our previous blog we learned about Salesforce Data Security and Access – Part 4 (Login Hours) In this blog we are going to learn about “Object Access”. We will continue our learning journey by a series of blogs to go deeper and understand the Salesforce Data Security Model, Visibility and Access.

Object permissions specify the base-level access users have to create, read, edit, and delete records for each object. Object permissions let us hide whole tabs and objects from particular users, so that they don’t even know that type of data exists.

We can manage object permissions in permission sets and profiles.

Permission sets and profiles are collections of settings and permissions that determine what a user can do in the application.

A user’s profile determines the objects they can access and the things they can do with any object record (such as create, read, edit, or delete).

Permission sets are used to grant additional permissions and access settings to users.

Note:

• A profile can be assigned to many users, but a user can be assigned to only one profile.
• We can assign multiple permission sets to a single user.

The following permissions specify the access that users have to objects.

Object permissions either respect or override sharing rules and settings.

• Read  : With this permission user can view object’s records.
• Create  : With this permission users can read and create records.

• Edit  : With this permission user can read and update records.
• Delete  : With this permission user Users can read, edit, and delete records.

• View All : With this permission users can view all records associated with this object, regardless of sharing settings (Overrides sharing ).
• Modify All : With this permission Users can read, edit, delete, transfer, and approve all records associated with the object, regardless of sharing settings (Overrides sharing). We will discuss this in detail in our next blog .

Points To Remember :

Modify All on documents allows access to all shared and public folders, but not the ability to edit folder properties or create new folders.

To edit folder properties and create new folders, users must have the “Manage Public Documents” permission.

How to Assign Object Level Access ?

Let’s assign some object permission to a profile.

Navigate to Setup >> Enter Profiles in the quick find box >> select Profiles.

Select the user Profile, In this case we will select a custom profile.

Click the name of the Object.

Click Edit.

To enable permission on the object, select the checkbox in front of each permission in the Object Permissions section.

Let’s select Read and Create Permission for this Profile.

Click on Save.

Thank you for reading, hope the blog is helpful for you.