Profiles:
1) Profile is mandatory/required for a user, but only one profile for each user.
2) Profile defines what a user can do within the organization, means what level of access user has.
• User Interface Access: Application (App), Tabs, Page Layouts, Record Types.
• sObjects Access: Basic Access (Create, Read, Edit, Delete) and Data Administration (View All and Modify All).
• Field Level Access: Field Level Security (View, Edit).
• Permission Sets: Create, Read, Edit and Delete (CRUD) permissions over Apps, Tabs, sObjects, Fields.
• Login and Password Control: Login Hours, Login IP Ranges and Password Reset.
3) Profiles control other system privileges as well (Mass Email, Export Data, etc).
Roles:
1) Role is not mandatory/required for users.
2) Role defines what user can see depending on the hierarchy.
3) Role controls record level access in hierarchy only but not organization level.
4) Role in higher hierarchy can edit, view and generate reports on its subordinates data. (Subordinate - lower in hierarchy)
5) Roles come in to play, when security model OWD is set to private.
No comments:
Post a Comment