07 Mar Security in Salesforce
Force.com provides an extremely powerful and flexible security architecture. This architecture lets you define how users log in: for example, which IP ranges are acceptable, what hours of the day are allowed, how long sessions stay active, and so on. It also lets you define programmatic control: for example, which users may log in through a Web services API, and which endpoints a running application can connect to from the Force.com platform. The platform security architecture also lets you define administrative security permissions, and security profiles let you determine who has access to which features and components, ranging from the Setup menu all the way through to read-write settings on an object or field.
Access to (most parts of) the Force.com platform is only granted after a user is authenticated. Users have to first be established, usually by an Administrator—a user with special security privileges.
System permissions grant access to capabilities which apply to your entire Force.com environment. System permissions are granted to profiles. Every user is assigned to one profile. You can access profiles and their permissions through Setup | Manage Users | Profiles. The Force.com environment comes with a set of standard profiles which cannot be edited. You can also create your own custom profiles.
Moving up from the low-level system permissions, the Force.com platform also allows you to set permissions on individual Force.com components. For the following components, you can allow or disallow access, based on profile:
· Apex classes
· Visualforce pages
Record-based sharing is the ability to grant access to individual records within a particular object. You can allow no access, read-only access, or read and write access to a record by sharing that record with others. Of course, specifying sharing options for each individual record, although powerful and flexible, could be a complicated process. To simplify the use of sharing, the Force.com platform provides organization-wide defaults.
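The following is an added example, not Force.com code and not from the original article: a simplified Python model of how profile permissions, organization-wide defaults and record shares combine into one effective access level. All object, profile and user names are constructed, and the model assumes the record owner always has record-level read/write access.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Access(IntEnum):
    NONE = 0
    READ = 1
    READ_WRITE = 2

@dataclass
class Record:
    obj: str                                    # object name (constructed)
    owner: str
    shares: dict = field(default_factory=dict)  # user -> Access granted by sharing

@dataclass
class Org:
    owd: dict            # object -> organization-wide default Access
    profile_perms: dict  # profile -> {object -> highest Access the profile allows}
    user_profile: dict   # user -> profile (every user has exactly one)

    def effective_access(self, user: str, rec: Record) -> Access:
        # The profile's object permission is the ceiling; sharing cannot exceed it.
        ceiling = self.profile_perms[self.user_profile[user]].get(rec.obj, Access.NONE)
        if rec.owner == user:
            record_level = Access.READ_WRITE    # model assumption: owner keeps access
        else:
            # A share can only widen the organization-wide default, never narrow it.
            record_level = max(self.owd.get(rec.obj, Access.NONE),
                               rec.shares.get(user, Access.NONE))
        return min(ceiling, record_level)

    def widened_by_sharing(self, rec: Record) -> list:
        """Non-owners whose access exceeds the default because of a share."""
        base = self.owd.get(rec.obj, Access.NONE)
        return sorted(u for u in rec.shares
                      if u != rec.owner and self.effective_access(u, rec) > base)

# Constructed sample org: invoices are private by default, two custom profiles.
org = Org(
    owd={"Invoice__c": Access.NONE},
    profile_perms={"Sales": {"Invoice__c": Access.READ_WRITE},
                   "Support": {"Invoice__c": Access.READ}},
    user_profile={"alice": "Sales", "bob": "Sales",
                  "carol": "Support", "dave": "Support"},
)
inv = Record("Invoice__c", owner="alice",
             shares={"bob": Access.READ, "carol": Access.READ_WRITE})

if __name__ == "__main__":
    for u in ("alice", "bob", "carol", "dave"):
        print(u, org.effective_access(u, inv).name)
```

In the sample data, the read/write share to carol is capped at read by her profile, which is the kind of mismatch worth looking for when reviewing sharing settings.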