Security in Salesforce

Sharing is Caring

Salesforce has quite a bit of built in security; and has lots of security features that can be customized. Access to most parts of the Salesforce / Force.com platform isn’t actually available until a user has been authenticated.

A few weeks ago, I began studying for Admin Certifications, and was fortunate to find this photo on twitter that @SalesforceBen had shared.

Security in Salesforce House

Security in Salesforce can basically be broken up into profiles and roles. Although they sound pretty similar, profiles and roles do have some differences. Profiles determine record privileges, and determine what the user can do. Profiles also control some salesforce system privileges. Roles or “Role Hierarchy” allows the user to access subordinate’s records, but doesn’t allow upward access.

While Salesforce has a lot of built in security, there’s still some of the standard risks such as Cross Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and SQL Injection (SOQL Injection). The Salesforce Security Guide can help reduce some of these risks.

Sharing is Caring

Brian is a programmer and technology leader living in Niagara Falls with more than ten years of development experience. He is passionate about automation, business process re-engineering, and building a better tomorrow.

Brian is a proud father of four: two boys, and two girls and has been happily married to Crystal for more than ten years. From time to time, Brian may post about his faith, his family, and definitely about technology.