Salesforce security interview questions

Salesforce security interview questions

Salesforce security interview questions or data and security salesforce interview questions

There are different levels of security that is implemented in Salesforce. This post is related to data and security.

What are different Levels of data access in Salesforce?

Organization level security

For your whole org, you can maintain a list of authorized users, set password policies, and limit logins to certain hours and locations.

Object level security

Access to object-level data is the simplest thing to control. By setting permissions on a particular type of object, you can prevent a group of users from creating, viewing, editing, or deleting any records of that object. For example, you can use object permissions to ensure that interviewers can view positions and job applications but not edit or delete them.

Field level security

You can restrict access to certain fields, even if a user has access to the object. For example, you can make the salary field in a position object invisible to interviewers but visible to hiring managers and recruiters.

Record level security

You can allow particular users to view an object, but then restrict the individual object records they’re allowed to see. For example, an interviewer can see and edit her own reviews, but not the reviews of other interviewers. You can manage record-level access in these four ways.

  • Organization-wide defaults
  • Role hierarchies
  • Sharing rules
  • Manual sharing


Salesforce security interview questions

Salesforce security interview questions

What is Organization-wide defaults?

Organization Wide Defaults(OWD) in salesforce is the baseline level of access that the most restricted user should have. Organizational Wide Defaults are used to restrict access. You grant access through other means like(sharing rules, Role Hierarchy, Sales Teams and Account teams, manual sharing, Apex Sharing ). In simple words Organization Wide Defaults(OWD) specify the default level of access users have to each other’s records.

For more details please level to below post Organization Wide Defaults(OWD) in salesforce

What is role hierarchy?

It gives access for users higher in the hierarchy to all records owned by users below them in the hierarchy. Role hierarchies don’t have to match your organization chart exactly. Instead, each role in the hierarchy should represent a level of data access that a user or group of users needs.

What are Sharing Rules?

Sharing Rules are automatic exceptions to organization-wide defaults for particular groups of users, so they can get to records they don’t own or can’t normally see. Sharing rules, like role hierarchies, are only used to give additional users access to records. They can’t be stricter than your organization-wide default settings.

What is Manual sharing?

It allows owners of particular records to share them with other users. Although manual sharing isn’t automated like org-wide sharing settings, role hierarchies, or sharing rules, it can be useful in some situations, such as when a recruiter going on vacation needs to temporarily assign ownership of a job application to someone else.

Some more questions for Salesforce security interview questions post.

What is Profile

Each user has a single profile that controls which data and features that user has access to. A profile is a collection of settings and permissions. Profile settings determine which data the user can see, and permissions determine what the user can do with that data.
  • The settings in a user’s profile determine whether she can see a particular app, tab, field, or record type.
  • The permissions in a user’s profile determine whether she can create or edit records of a given type, run reports, and customize the app.

Profiles usually match up with a user’s job function (for example, system administrator, recruiter, or hiring manager), but you can have profiles for anything that makes sense for your Salesforce org. A profile can be assigned to many users, but a user can have only one profile at a time.

What are standard profiles?

  • Read Only
  • Standard User
  • Marketing User
  • Contract Manager
  • System Administrator


What is Permission Set?

A permission set is a collection of settings and permissions that give users access to various tools and functions. The settings and permissions in permission sets are also found in profiles, but permission sets extend users’ functional access without changing their profiles.

Permission sets make it easy to grant access to the various apps and custom objects in your org, and to take away access when it’s no longer needed.

Users can have only one profile, but they can have multiple permission sets.


What is “View all” and “Modify all” permission?

View all and Modify all permissions are usually given to system administrator. When you grant “View All” or “Modify All” for an object on a profile or permission set, you grant any associated users access to all records of that object regardless of the sharing and security settings.

In essence, the “View All” and “Modify All” permissions ignore the sharing model, role hierarchy, and sharing rules that the “Create,” “Read,” “Edit,” and “Delete” permissions respect. Furthermore, “Modify All” also gives a user the ability to mass transfer, mass update, and mass delete records of that specific object, and approve such records even if the user is not a designated approver.

These tasks are typically reserved for administrators, but because “View All” and “Modify All” let us selectively override the system, responsibilities that are usually reserved for the administrator can be delegated to other users in a highly controlled fashion.


Is it possible to restrict permission for users using permission set?

No, Permission Set always extends the permission. It does not restrict permission to users.

If a user does not have access to a specific record type, will they be able to see the records that have that record type?

Yes, Record type controls only visibility of record on UI but not its access to users. If user does not have access to record type then user will not be able to create records for that record type using UI. But user will we able to see records if they have appropriate permission to do so.

For more details related to salesforce security please refer to this trailhead module Data Security

If you have any question related to Salesforce security interview questions, please add your comments

I will keep adding more questions to Salesforce security interview questions.


Permanent link to this article:


Skip to comment form

  1. Certainly agree with just what you said. Your explanation was certainly the simplest to comprehend. I tell you, I usually get annoyed any time folks discuss issues that these people obviously dont know about. You were able to hit the nail on the head and spelled out the whole thing with out complication. Perhaps, folks could take a signal. Will likely be back to obtain more. Appreciate it

    Salesforce Consulting services in India

    • jyoti on July 10, 2020 at 8:39 am
    • Reply

    i want to know profile setting is than organization-wide default settings. which will work .

    • Priyanka Sarkar on July 22, 2021 at 7:58 pm
    • Reply

    Hello, it’s very helpful. Could you please make a blog on secnario based questions on security model.

    • Nimesh on January 2, 2023 at 5:44 pm
    • Reply

    If user has View all and Modify All permission ,and if we want to block edit or Delete Permission ,Is it possible?

    • TARUN GUPTA on April 28, 2023 at 5:26 pm
    • Reply

    If a user has both “View All” and “Modify All” permissions, it is not possible to block their ability to edit or delete records.

    “View All” permission allows a user to see all records in an object, regardless of ownership or sharing rules. “Modify All” permission allows a user to edit, delete, or transfer ownership of any record in an object, regardless of ownership or sharing rules.

    If you want to restrict a user from editing or deleting certain records, you could consider changing the record ownership or adjusting the sharing settings for those records. Alternatively, you could create a validation rule or trigger to prevent specific users from making changes to certain records based on specific criteria. However, keep in mind that these methods may affect other users’ access to those records as well.

Leave a Reply

Your email address will not be published.