Profiles and Roles and Permission sets:-

  The profiles and permission sets are configuration items in Salesforce that will   allow us to control different types of functionalities and the roles with allow us to     control record visibility primarily.

Profiles:-

profile in Salesforce is a group/collection of settings and permissions that define what a user can do in Salesforce. A profile controls “Object permissions, Field permissions, User permissions, Tab settings, App settings, Apex class access, Visualforce page access, Page layouts, Record Types, Login hours & Login IP ranges.

A profile can be assigned to many users, but a user can be assigned a single profile at a time.

profile is mandatory for every user in salesforce ,you can't have a user without profile .

Types of profiles in Salesforce

  1. Standard profiles: By default, salesforce provides below standard profiles. We cannot delete standard ones.
    • Read Only, Standard User, Marketing User, Contract Manager, Solution Manager & System Administrator. 
    • Each of these standard ones includes a default set of permissions for all of the standard objects available on the platform.
  2. Custom Profiles: Custom ones defined by us. They can be deleted if there are no users assigned to that particular one.

Permission sets:-

Permission Sets in Salesforce extends user’s functional access without changing their profile. It is a collection of Settings and permissions.

When you should choose Profiles ???

When you have set of permission set which needs to be shared with multiple users, then you can give all the users the same profile.

When to choose Permission set??

If there is a specific permission, or access that you don’t want to share with everyone but only with few users, then you can go for Permission Set. Just like profiles, through permission set also you can control object and  field level security.


Difference between profile and permission sets:-

One profile can be assigned to multiple users. But one user can’t have more than one profile at a time.But in the case of permission sets, One user can have multiple permission sets at a time, and also one permission set can be assigned to more than one user.


Roles :-  
It is another way to control access to recods.
 In salesforce, roles are defined so as to increase the data visibility a particular user has. The data visibility can be increased using sharing rules or by building role hierarchy. Role hierarchy allows the user sitting in higher level have access of records owned by users having role lower in hierarchy. It is not mandatory that a user should have a role.
Organisation wide default sets the default access for objects, for example OWD set as private would mean that only the owner of the record can access the record. One way to grant additional access of these records to other users is through roles i.e users higher in role hierarchy would get the access of records owned by users lower in hierarchy. Other way is by writing sharing rules, wherein we can specify the logic to decide which record should be shared and with what role user. We can specify against custom objects whether the records should be shared using role hierarchy or not but this is default set for standard objects and cannot be changed. That is, standard object records will always be shared according to role hierarchy. Defining role for users is not a mandatory thing, however not defining role for a user could affect the data shown on opportunity and other reports for that user.

1. Role controls the level of record access user has
2. Helps extend the OWD settings for different objects
3. Sharing rules can be written to share records with particular role and subordinates
4. Defining role for user is not mandatory. 


Difference between profile and role:-


                 
 
                Profiles                                                                      		                                        Roles 
 1. Profile defines what a user can do within the org
 1. Role defines what user can see depending on the hierarchy(Helps in defining data visibility)
 2. Defining profile for a user is mandatory, 
2. Defining role for user is not mandatory. 
 3.It control object level access  3.It control record level access 
  
                                                        


Comments

Post a Comment

Popular posts from this blog

EVENTS IN Lightning Web Components

Events in Lightning web components (LWC) | Communicate with Events In this post we will talk about how to use the lightning web component events to communicate between components. Events in Lightning web components are built on DOM Events, a collection of APIs and objects available in every browser. Here we will be see how to the events using the CustomEvent interface and publish-subscribe utility. COMPONENT COMMUNICATION THROUGH EVENTS There are typically 3 approaches for communication between the components using events. Communication using Method in LWC ( Parent to Child ) Custom Event Communication in Lightning Web Component (Child to Parent ) Publish Subscriber model in Lightning Web Component ( Two components which doesn't have a direct relation )  1) COMMUNICATION USING METHOD IN LWC (PARENT TO CHILD) In Aura framework, we can call the method of Child Component from the Parent Component with the help of <aura:method> . In LWC also we can do the same. In LWC Aura Method...
Read more

Security model

Image
  Salesforce provides a robust and flexible data security model to secure data at different levels. It also provides a sharing mechanism to open up access securely based on business need. Organization level security For your whole org, you can maintain a list of authorized users, set password policies, and limit logins to certain hours and locations. Login IP Ranges  – Login IP Ranges defines a set of IP ranges, so a user with that profile can only log in from that set of IP ranges. If the user tries to log in outside that range, the user would be simply kicked out. There is always confusion between trusted IP ranges and login IP ranges. The difference is, using trusted IP ranges, users can log in outside the trusted IP range with verification method, whereas with login IP range, there is no way to log in outside login IP range . Login Hours – It allows us to set login and log out time-based on the day for users with the profile. You can set time daily in a week. With the help...
Read more

Imperative apex call

Imperative apex call:-             If  an  apex class is  not annotated  with cacheable = true  the only option to call it in LWC  is imperative apex call. since  cacheable methods can't perform DML operations. When  dml is needed the only way to call such method in lwc is Imperative apex approach. This method will return the  Promise . Hence we need to handle the Success and Failure response using  then  and  error  function respectively.  While making imperative call to server  the response is served directly in the object and you don't need property.data. Can perform DML too. Can work with objects not supported by User Interface API (Task,Event).      Syntax :-                            javascriptFunctionName(){                         ...
Read more