Scenario based discussion on Security Level 2


In this article, you will learn about the second level of security, Permission Sets and Role Hierarchy, through scenario-based discussion.

OWD: The settings in OWD impact the entire Company for that object.

Profile: The settings in Profile impact the entire Department in the Organisation for that object.

Permission Set: The settings in Permission Set impact only specific users in any department of the organisation for that object.

Permission Set

Suppose User A is from the AB Department and User B is from the BC Department. If User A wants to see the records or data of the BC Department, that is not possible using Profile or OWD. One department needs extra permission to see the records of another department, and we grant that extra permission with a Permission Set.

Permission Sets are like Profiles. We can give CRED (Create, Read, Edit, Delete) access, View All, and Modify All permissions. Users with any type of license can be assigned to this Permission Set Group.

Role

A Role is another way of giving permission to access the records of other users. Suppose OWD is Private and no Admin-level access (that is, View All or Modify All) is given by Profile or Permission Set. Even then, the senior-level person in the hierarchy can access the records owned by the junior-level person.

Scenario based Questions:

Assume the object is Student. Users are A and B.

Scenario 1:

OWD is set as Public Read Write

Profile: The basic CRED access is absent so View All and Modify All access is not available

Permission Set: CRED access to User A is given and View All and Modify All access is not available.

Question: Can User A see the records of User B?

Answer: Yes, he can see the records of User B.

Explanation:

Through his Profile, User A has no access to view or edit even his own records, so through the Profile alone he obviously cannot view the records of other users. When there is no basic access in the Profile, we check whether the user has access through a Permission Set. In this scenario the Permission Set gives User A basic CRED access. To see the records of other users he then needs either View All or Modify All access. The check starts with the Profile, where there is no such access, and then moves to OWD. There the access is Public Read Write, which means User A can view or edit the records of User B. Hence he can see the records of User B.

Scenario 2

OWD is set as Private

Profile: The basic CRED access is absent so View All and Modify All access is not available

Permission Set: CRED access to User A is given and View All access is given but Modify All access is not available.

Question: Can User A see the records of User B?

Answer: Yes, he can see the records of User B.

Explanation:

There is no basic level access in the Profile, so the check moves to the Permission Set, where access is given. To view the records of other users we need at least View All permission, and that is also given in the Permission Set. The check then moves to OWD, which is Private. But because View All is given in the Permission Set, he can see the records of User B.

Scenario 3

OWD is set as Private

Profile: The basic CRED access is given; View All and Modify All access is not available

Permission Set: No CRED, View All and Modify All access

Role: User A is senior to User B

Question: Can User A see the records of User B?

Answer: Yes, he can see the records of User B.

Explanation:

User A has access to his own records because CRED is given in the Profile. To view the records of User B he needs View All access in the Profile, which is not given. The check then moves to OWD, which is Private. There is no access through the Permission Set either. But because User A is senior to User B, he can see the records of User B through the Role Hierarchy.

Scenario 4

OWD is set as Private

Profile: The basic CRED access is given; View All and Modify All access is not available

Permission Set: No CRED, View All and Modify All access

Role: User A is senior to User B

Question: Still User A isn’t able to see the records of User B. Why?

Explanation:

As explained in the scenario above, Role permissions let a senior-level person see the records of his junior. But here, even though User A is senior to User B, he is not able to see the records. This is because Grant Access Hierarchy is unchecked in OWD. To use this role-based access, Grant Access Hierarchy needs to be checked in OWD. Otherwise the senior can’t see the records of his juniors.
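The four scenarios can be replayed with a small decision model. This is an added example, not Salesforce code or part of the original article: the `Grant` class, the `can_view` function and the reason strings are hypothetical names, and the model covers only the checks discussed above (object permissions, View All / Modify All, OWD, role hierarchy).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    """Object permissions carried by one Profile or Permission Set (hypothetical model)."""
    read: bool = False        # the "R" of CRED
    view_all: bool = False
    modify_all: bool = False

def can_view(owd, profile, permission_sets, senior_to_owner=False,
             grant_access_hierarchy=True):
    """Return (allowed, reason) for User A viewing a record owned by User B."""
    grants = [profile, *permission_sets]
    # Object-level access: Profile and Permission Sets add up, they never subtract.
    if not any(g.read or g.view_all or g.modify_all for g in grants):
        return False, "no object access"
    # View All / Modify All open every record of the object, whatever the OWD.
    if any(g.view_all or g.modify_all for g in grants):
        return True, "View All / Modify All"
    # Record-level access: the org-wide default first, then the role hierarchy.
    if owd in ("Public Read Only", "Public Read Write"):
        return True, "OWD"
    if senior_to_owner and grant_access_hierarchy:
        return True, "role hierarchy"
    return False, "Private OWD, no sharing path"

# Constructed inputs mirroring Scenarios 1 to 4 for the Student object.
CRED, NONE = Grant(read=True), Grant()
S3 = dict(owd="Private", profile=CRED, permission_sets=[NONE], senior_to_owner=True)
SCENARIOS = {
    1: dict(owd="Public Read Write", profile=NONE, permission_sets=[CRED]),
    2: dict(owd="Private", profile=NONE,
            permission_sets=[Grant(read=True, view_all=True)]),
    3: S3,
    4: {**S3, "grant_access_hierarchy": False},
}

def evaluate():
    """Map scenario number -> (allowed, reason)."""
    return {n: can_view(**s) for n, s in SCENARIOS.items()}

if __name__ == "__main__":
    for n, (allowed, reason) in evaluate().items():
        print(f"Scenario {n}: {'Yes' if allowed else 'No'} ({reason})")
```

When reviewing an org, the same order of checks shows which single setting is actually opening a record: in Scenario 2 it is the Permission Set's View All, not the OWD.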

Also Read: Scenario based discussion on Security Level 1: Profile Vs. OWD


Sarada is a Certified Salesforce Administrator. She is working as a Salesforce Developer at Cloudely.

March 13th, 2023