 Hello everyone. I'm Sanjay Gupta. I welcome you on Sanjay Gupta Tech School. In this video, I'm going to discuss about data sharing and security related question and answers. So this data sharing and security is related to Salesforce. So let's jump to first question. So if you are going for an interview, so there may be a question like what is sharing and security in Salesforce. So your answer can be data security is important because you need to control what a user or group of user can see in the org or app. Salesforce provides layered sharing model. You can easily assign different data sets to different group of users. You can control access to your whole org, any specific object, fields and records. Now, if you want to learn how the sharing and security model works in Salesforce through the demonstration, so you can just visit studiesalesforce.com. In administrator section, you will find data security playlist, so you can just watch all the recordings to understand this in detail. Next question can be what is sharing and security model? So there are four basic pillars. So first we have organization-level security, then object-level security, then field-level security, and then record-level security. What is organization-level security? So it maintains a list of authorized users, we can set password policies, log in limit to certain hours or locations like limit IP addresses from which users can log in, limit the times at which users can log in. Now comes object-level security, so it is important. So you can control object-level permissions for both standard and custom objects. You can set permissions for a particular object. You can give permissions to view, create, edit and delete any records of that object. And you can control object permissions using profiles and permission sets. Now how we can do this? So just visit studiesalesforce.com to learn more. Then what is field-level security? So you can restrict access to certain fields in Salesforce even if user has object-level access. You can make a field visible to a particular user and can hide that from another user. You can give lead or added permission to a field. If you don't give both, then that field will not be visible. Field-level security can be controlled through profiles and permission sets. Now what is profile? So a profile is a collection of settings and permissions. Profile settings determines which data the user can see and permissions determines what the user can do with that data. A profile can be assigned to many users, but a user can have only one profile at a time. So this is important to know. So if you have created profiles, so one user can have at least an at-max one profile. Not more than one, not less than one. But one profile can be assigned to many users. What can be controlled through a profile? So we can control assigned app and assigned connected apps, object settings, app permissions, APIX class and VSP's access, external data source access, named credential access, flow access, custom permissions and custom metadata type, custom setting definitions, and system permissions. Enhanced profile user interface. So you can switch to Enhanced profile user interface through setup. And in setup, you can find if you search user management settings. So if you open that page, so you will find like how to enable this Enhanced profile user interface. So if enabled, then you can browse, search and modify settings and permission in a profile through a streamlined user interface. So this is important to know like a profile has two different interfaces. So if you enable Enhanced profile user interfaces, so you will be having streamlined user interface. Otherwise, you will be having the detailed user interface. What is permission set? So a permission set is a collection of settings and permissions that give user access to various tools and functions. Permission sets extend users functionality access without changing their profile. So it means like if user is having a profile assigned already, and if you want to give additional permissions, so you can assign permission sets to that user. So through permission sets permission can be granted and anytime it can be taken away as well. Users can have only one profile, but they can have multiple permission set assigned. What can be add on through a permission set? So assigned apps and assigned connected apps, object settings, app permission, Apex class and VS page access, external data source access, named credential access, flow access, custom permissions and custom metadata type, custom settings definitions and system permissions. Now, what is permission set group? So permission set group bundles different permission sets together based on a persona. A permission set group includes all the permissions available in the permission sets. So basically, if you have supposed five permission sets and you don't want to assign those five permission sets again and again to users, because you will be individually assigning them. So what you can do, you can club all those permission sets into a permission set group. And then you just need to assign that permission set group so that all those permission set settings permissions will be applied automatically. Now in permission set group, you have one more feature that is one permission set can be included in more than one permission sets set groups. And a user can be assigned one or more permission set groups. Also, we can assign permission set and permission set groups together to user, right? Now I was talking about the one spatial thing that is available in permission set group, like we can mute the permissions in permission set groups. So this is the next question. What is mute in permission set group? One can mute some permissions in permission set groups so that they won't be given to the user. If you mute particular permission in permission set group, then it won't impact individual permission set, they remain intact. You can anytime unmute the permissions in permission set group, right? How many profiles can be assigned to a user? One, not zero, not more than one. How many permission sets can be assigned to a user so it can be zero or any number of permission sets? Now what is record level security? So you can restrict access to records for users, even if user has object level permissions. For example, a user can view his own records but not others. You can manage record level access in following ways. So we have four options like first you need to enable organization wide defaults. Then you can apply role hierarchies, sharing rules and manual sharing to open up the permissions. Now what is OWD? So OWD basically stands for organization wide defaults that we saw in the previous question. It specifies the default level of access of record. So you can provide sharing settings, lock down the data to the most restrictive level. Here you have three access level, one is private, then public read only and public read write. So you can use other record level security and sharing tools to open up the sharing of records, right? So now particularly we are talking about record level security, right? Record sharing. So previously we talked about object and fields. So for controlling object and field permissions, we have profile permission sets and permission set groups. But if you want to control record sharing, so we have OWD that we discussed, then we have role hierarchy. So now what is role hierarchy? So role hierarchy gives access for users higher in the hierarchy. That user can access all records owned by the users below them in the hierarchy. Each role in the hierarchy should represent a level of data access that a user or group of user needs. You can assign users to roll through role hierarchy or user detail page. So if you have applied OWD and then you want to open up record sharing, so you can use role hierarchy. So if we take simple example, like if you are working in an organization and your reports to your manager. If your records are not shared with anyone, then if you fall under a particular manager, so there should be role hierarchy implemented and your records will be visible to your manager, even if your record level security like OWD is private for a particular object. So what is grant access using hierarchies? So this option is available when you open sharing settings to apply OWD. So this feature controls whether the user who is above in the role hierarchy can access the records of subordinates or not. So this also we can control. So for particular object, we can control it. So it is checked by default for all the standard object, but we can control it for custom object. So we can control which object will be shared with your manager or who is higher in the hierarchy because it may be possible like you don't want to share all the objects. You want to show some of the specific objects that your manager should know. So accordingly you can control sharing through grant access using hierarchies. What is sharing rule? So sharing rules are exceptions to all by defaults. Through sharing rules, you can share records to a group of users or to roles, roles and subordinates so that they can get access to the records they don't own or can't manually see. So basically if in an organization, if two users or group of users are available and you want to share records which are owned by a user or group of user with another user or group of user. So in that case, you can use sharing rule. So basically role hierarchy opens up record sharing vertically. Like if you report to someone, then only your records will be shared. But if you don't report to someone, still you want to share the records basis on certain conditions. So you can do that with the help of sharing rule. Again, everything that you want to learn in detail. So all the detailed videos are also available on studiesalesfirst.com. So do visit and learn these concepts in detail as well. Now there are two ways to create sharing rules. One is owner-based sharing and second is criteria-based sharing. So owner-based sharing means the record owner will be the criteria in that case. And criteria-based sharing, you can have any field in the criteria and basis on that criteria, your report sharing will be done. What is manual sharing? So manual sharing allows owners of particular reports to share them with another users. Manual sharing is not automated like OWD, role hierarchy or sharing rules. It can be useful in some situations where you manually want to share or report with another user. So on each record, on top right corner, when you have a drop-down option where all the quick action or actions are available. So there you will find a sharing button. So if you hit that button, so you can choose like with which user you want to manually share that particular report. And anytime you can revoke sharing as well. What is public group? So in sharing, we use public group as well. So basically it is a group of users. You can add or remove users from one public group anytime. Following can be member of a public group. So one public group can be member of another public group. Roles can be member of public group. So if you have assigned one role to let's suppose five users. So all those five users will be the member of that public group if that respective role is member of that group. Then roles and subordinates. So one role and whatever sub roles those are associated with the role and users, individual user. You can also control grant access using hierarchies while creating public group. Object does not have added permission, but OWD is public read write. So what will happen? So user won't be able to edit the record. Right. So again, I'm repeating the question. So object does not have added permission, but OWD is public read write. So if you don't have added action on the object level and you have like public read write permission on OWD. Still you won't be able to edit the record because on top object is not having added permission. Next is view all and modify all. So it grants access to all records of the object regardless of the sharing and security settings. View all and modify all permissions. Ignore the sharing model roles and sharing rules. Right. So this is also important to know. So these, these were the questions. Those I prepared related to data security and sharing. So I hope it will help you to prepare yourself for Salesforce administrator interview. And if you want to learn these concepts in detail, so you can visit studied Salesforce.com. There you will find all the recorded videos along with the theoretical as well as practical demonstrations. Thank you.