Difference Between Profiles, Roles and Permission Sets in Salesforce

A quick guide to the key differences between Profiles, Roles and Permission Sets in the Salesforce security model.

photo-1503024572063-b3c621a2d424

If you are new to Salesforce, or perhaps haven’t worked with the different tools available in the security model for a while, this handy little guide should give you a steer on whether or not you should be considering using Profiles, Roles or Permission Sets as part of your solution.

Profiles

Once basic access settings have been configured in your Organisation Wide Defaults, Profiles determine a user’s most basic level of access to objects, and therefore users can’t be created in Salesforce without being allocated a Profile. Remember, you can’t use Profiles to revoke access already granted via Organisation Wide Defaults – you  can only grant additional access.

Here is a partial list of what you can control access to using Profiles:

  • Page Layouts
  • Fields
  • Apps
  • Tabs
  • Record Types
  • Admin Permissions (such as being able to manage users or author Apex)
  • General Permissions (such as being able to send emails or convert Leads)

(To see the full list, just log into your Org as a System Administrator and edit a Profile.)

Roles

Roles are different to Profiles, and are used to control access to records rather than objects or fields. These are commonly used to implement a Role Hierarchy whereby for example individual sales reps cannot see each other’s opportunity records, but their manager has a view of all their opportunities.

(See this comprehensive post about Salesforce record security for more information on Roles and Role Hierarchy.)

Permission Sets

Permission Sets are more like Profiles, in the sense that they can control the access a user has to specific objects and fields. Remember, you can’t use Permission Sets to revoke access already granted via Organisation Wide Defaults or Profiles – you can only grant additional access.

Here is a partial list of what you can control access to using Permission Sets:

  • Objects & Fields
  • Apps
  • Visualforce Pages
  • External Data Sources

(To see the full list, just log into your Org as a System Administrator and edit a Profile.)

Need more information?

I hope this post has been useful as a quick overview. The security model is a bit more complicated than this and offers even more features such as Sharing Rules, which I haven’t covered here. As always, your first port of call for more information should be the official Salesforce documentation or Trailhead.

Control Who Sees What – Salesforce Help
Data Security – Salesforce Trailhead

Photo by MILKOVÍ on Unsplash

One Comment

What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s