Monday, 14 September 2015

Difference between Object-Level Security , Field-Level Security and Record-level Security


Object-Level Security

The bluntest way that we can control data is by preventing a user from seeing, creating, editing, and/or deleting any instance of a particular type of object, like a position or review. Object-level access allows us to hide whole tabs and objects from particular users, so that they don't even know that type of data exists. On the platform, we set object-level access rules with object permissions
on user profiles.

Field-Level Security

A variation on object-level access is field-level access, in which a user can be prevented from seeing, editing, and/or deleting the value for a particular field on an object. Field-level access allows us to hide sensitive information like the maximum salary for a position or a candidate's social security
number without having to hide the whole object. On the platform, we set field-level access rules with the field-level security.

For More Detail Click Field-Level Security

Record-Level Security

To control data with a little more finesse, we can allow particular users to view an object, but then restrict the individual object records that they're allowed to see. For example, record-level access allows an interviewer like Melissa Lee to see and edit her own reviews, without exposing the reviews
of everyone else on her team. On the platform, we actually have four ways of setting record-level access
rules:
• Organization-wide defaults allow us to specify the baseline level of access that a user has in your organization. For example, we can make it so that any user can see any record of a particular object to which their user profile gives them access, but so that they'll need extra
permissions to actually edit one.
• Role hierarchies allow us to make sure that a manager will always have access to the same records as his or her subordinates.
• Sharing rules allow us to make automatic exceptions to organization-wide defaults for particular groups of users.
• Manual sharing allows record owners to give read and edit permissions to folks who might not have access to the record any other way.