What is the profile?
A profile in Salesforce is a group/collection of settings and permissions that define what a user can do in Salesforce. A profile controls “Object permissions, Field permissions, User permissions, Tab settings, App settings, Apex class access, Visualforce page access, Page layouts, Record Types, Login hours & Login IP ranges.
You can define profiles by user’s job function. For example System Administrator, Developer, Sales Representative. A profile can be assigned to many users, but a user can be assigned a single profile at a time.
Types of profiles in Salesforce
- Standard profiles: By default, salesforce provides below standard profiles. We cannot delete standard ones.
- Read Only, Standard User, Marketing User, Contract Manager, Solution Manager & System Administrator.
- Each of these standard ones includes a default set of permissions for all of the standard objects available on the platform.
- Custom Profiles: Custom ones defined by us. They can be deleted if there are no users assigned to that particular one.
Navigation: setup -> Administer -> Manage users -> Profiles
What is Permission Sets?
The permission set is also very similar to profile. Whatever you can manage at profiles (Like Object permissions, Field Permissions, User permissions, Tab settings, App settings, Apex class permission, visualforce permission) the same you can manage here also. But the main difference between these two is that user can have only one profile and can have multiple permission sets at a time.
So we can define profiles to grant minimum permissions and settings that every type of user needs, then we can use permission set to grant additional access.
Examples:
1. We have many users in your organization with some fundamental job functions. We can assign all of then with one profile that grants them all access to do their job. But some set of people are working on special apps or some special functionality, for this type of special users we can create permission sets and can be assigned to them.
2. Some users need some temporary access to a specific set of fields and objects we can create a permission set with those object & field access and we can assign those specific users.
Navigation: Setup -> Administer -> Manage users -> Permission sets
What is Role Hierarchies?
A role hierarchy controls the level of visibility that users have to an organization data. By defining role hierarchies we can share access to records. Users assigned to roles near the top of hierarchies like (CEO, executives, and other higher level roles) get to access the data of all users who fall directly below them I hierarchy.
Role hierarchies enable the following behaviors.
A manager will always have access to the same data as his or her employees, regardless of the org-wide default settings. For custom objects, you can override this behavior by deselecting the Grant Access Using Hierarchies check box. However, we want our role hierarchy to apply to all of our custom objects, so leave the checkboxes selected.
Users who tend to need access to the same types of records can be grouped together—we’ll use these groups later when we talk about sharing rules.
I Really Thank for this Tutorial Team and Org..this is very very helpful for me…Thanks to all
thanks…this is good………..
it’s very useful but should provide many other terms like users
Thanks for providing this information. It is very useful to know the actual definition of roles and etc stuffs
Plz provide more trigger scenarios and ways of implementing them.
Sure Siva. We are working on it.
Thanks for providing this information. It is very useful to know the actual definition of roles and etc stuffs
hie, i have small query that , if OWD is private for the data and and the user is granted with permisssions in profile or permission set level.
will the user can able to see the data as its restricted in OWD?
Please assist me .
Yes ,He will be able to see the records and data .I can give you a example by which it will be easier to understand.By OWD you close the access for each and every user i.e. making it private .Then you provide particular users a key to access those data through permission set or profiles(Here permission sets and profiles are the keys ) .It’s as simple as that
its good for salesforce beginner to understand clearly…T
hank you
it is very good for beginners
which user can create new profile in salesforce?
First login.salesforce.com,
Click TRY IT Free,
Then click one of them: sales,service,App,
Now fill all the fields od blank boxex,
Then Agree,
Then click Start Free Trial.
Please tell if i set my OWD as Public read but in profile i give create edit permission will the user in a profile can can edit and write in the object?
Yes samartha the User will be able to Create and edit the records created under Order Object .
Like i have explained in my Previous Post also here again i will try to explain it in more layman term OWD is like Locking a door then your are giving Keys to the user through profile and Permission Sets .Here Setting OWD Public read Only is like locking the door and then giving it read and write Permission through Profile is like Giving him the Key .I think this explains your Query .
Very good explaination. I like it.
Very good Explaination. Please explain role in easy words.
well said about the above topics.
i want to start my career in SFD i had done my MCA is it good for future base????
Thanks everyone for your comments .if you have any queries related to salesforce you can ask it here i will try to explain it in as layman term as possible .
It’s very good explanation Profile Permission set and Roles
Its really superb and good explanation…its really helpfull …
please can u explain many more things like triggers,apex classes and full of security concepts
its helpful to understand the concept
thanks for the content ,it was clear and ease to understand
This is very helpful for beginners.
thank you sir. It is very useful to begineers .
Can we give profile level access to a particular report or report folder? So that those profile users will only able to edit those reports inside that folder. They shouldn’t edit any other only view access should be there.