 Hello friends. I am Sanjay Gupta. I welcome you on Sanjay Gupta Tech School. In this video, I'm going to explain introduction of data security in Salesforce. Before starting, if you go to description of this video, you will find various links of playlists related to Salesforce videos. Also, one link is related to data security in Salesforce. So this is introductory video. Apart from this, I have also created demonstration videos related to data security in Salesforce. So if you go to that playlist, you will see all related videos. So watch them so that you can understand data security in Salesforce theoretically as well as practically. So let's start the theoretical explanation. So introduction data security is important because you need to control what a user or group of users can see in the or war app. Right. So this is very simple to understand. Second point is Salesforce provides layered sharing model so that you will understand and later with the other slides. Then you can easily assign different data sets to different group of users with the security model. Then you can control access to your whole or than any specific object fields and records. So we can control all these four things. First is org, second is object, third is field and fourth is records. So these are labels of data access. So first is organization, then object, then field and then records. So first understand organization. So organization level security, there are three points. So first is maintain a list of authorized users. Second, it sets password policies. Third limit login to certain arts and locations. So in this first point is limit IP addresses from which users can log in. And second is limit the times at which users can log in. So these things you can control through organization level security. So to understand this practically you need to watch the playlist related to data security in Salesforce. So the link is available in the description of this video also at the end of this video. So second is object level security. So this is very much important. So you can control object level permission for both standard and custom objects. You can set permissions for a particular object. Then you can give permission to view, create, edit and delete any records of that object. So through this object level security you can control these four things related to any object and record. If you have new permission, it means you can view the records related to that object. If you have paid permission, then you can create new records. If you have edit permission, you can update the records. And if you have delete permission, you can delete the records related to a particular object. And these four permission can be different for different different custom and standard objects. And you can control object permissions using profiles and permission sets, right? So you need to create various profiles and various permission sets if you want to give these permissions to the users. So this is about object level security. So I hope you understood this. And if you want to understand this practically. So again, follow the playlist that I already told you. So next is field level security. So field level security is also important. So if you have permission to access any object, then field level security comes. So if let's say if you have new permission on any object, it means you can view the records. But after having new permission on a particular object, you can also control like which field will be displayed or which are not. So first point is you can restrict access to certain fields in Salesforce, even if user has object level access. So that I already explained. If you have new permission still there may be chances you are able to view certain fields and you are not able to view certain fields. So that too, because field level security, then you can make a field visible to a particular user and can hide that from another user. So that can also be possible, like one field is available to a particular user and one is that similar field is not available to another user. Then third point says you can give read or edit permission to a field. So if you give read permission then that field will be only visible, read only, and if you give edit permission then that field will be visible as well as you can edit the data for that field. If you don't give both the permission then that field will not be visible, right? So you can give these, you can give field level permission with these three ways. Then last point says field level security can be controlled using profiles and permission sets. So again, similar to object level permission, if you want to control field level security, again you can go to profile permission sets. So if you want to give permission, you can choose a particular profile. If you give add-on permission, you can choose permission sets. So I hope you know about profiles and permission sets. So accordingly we can open up the permissions through these things. Next is record level security. So let's say if you have object level access, if you have access to certain fields as well, then comes record level security. So if you have access to certain records then only you can view the records. So if you have object level permission, if you have field level permission, so having both the permission but not having record level access then you will not be able to view the records. So first point says you can restrict accesses to records for users even if user has object level permission. For example, a user can view his own records but not others. So let's say you have view permission on the object, you have field level permissions as well, but at record level you have permission that you can view only your records, the records that are owned by you. And for other users, created records you cannot view, so that can happen. So you can manage record level access in following these. So there are four things. First is organization-wide defaults. Second is role hierarchies. Third is sharing rule and fourth is manual sharing. So first option that is organization-wide defaults. So this restricts the access and if you want to open up the restriction then you can use either role hierarchy or sharing rule or manual sharing. So now you might be thinking, let's explain these things in detail also. So here it is. So first understand organization-wide defaults. So it specifies the default level of access of records. So next point is org-wide sharing setting, lock down the data to the most restrictive level. So here three restrictions are available. So you can choose either private, you can choose public read only or you can choose public read write. So these three access levels are available. You can choose anyone as per the requirement. And if you have chosen private or public read only and if you want to open up that security. So you can use other record level security and sharing tools to open up the sharing of the records. So for restriction you can use organization-wide defaults and for open up the sharing you can use other three things that I already told you. Role hierarchies, sharing rules and manual sharing. So let's understand role hierarchies. So it gives access for users higher in the hierarchy. So let's say you are working as an employee in your organization and you have a manager. So manager is the higher user in your role hierarchy. So that user can access all records owned by the user below them in the hierarchy. So if you have your manager in your role hierarchy, so the records that are owned by you are automatically owned, sorry, are automatically accessible by your manager because you and your manager are available in a particular role hierarchy. Then third point says each role in the hierarchy should represent a level of data access that a user or group of user needs. So this is about role hierarchies. Next is sharing rules. So what happens when someone is not in your role hierarchy and still you want to share your records with that person or you want to share records of a particular user to another user. So these are exceptions to org-wide reports. So though sharing rules, you can share records to a group of users so that they can access the records they don't own or can't manually share. So this is another way of sharing the records. So again, this is theoretical explanation if you want to see this happening practically like how we can share records through sharing rules. So you need to watch the playlist so that you can understand or learn that thing and link of playlists available in the description of this video and at the end of this video. And last thing is manual sharing. So if it allows owners of a particular records to share them with other users, manual sharing is not automated like org-wide defaults, role hierarchies or sharing rules. So it is not automated. You need to do it manually. So it can be useful in some situations where you manually want to share a record with another user. So this way I explained you all four things. So in data security at top level, these four things are available. Organization level security, then object level security, then field level security and then record level security. So this is the complete data security model that is available in Salesforce. So in this video I explained all these things theoretically, but if you want to learn them through demonstration, practical demonstration. So I am uploading all related videos in a common playlist. So you can find link of that playlist that is related to data security in Salesforce in the description of this video. Also that is available at the end of this video. So open that playlist and watch individual videos having demonstration so that you can understand these things better. So I hope you understood whatever I explained in this video. Thank you for watching this video.