The Salesforce security model incorporates features from various established security models, such as the Clark-Wilson model, the Graham-Denning model, and the Chinese Wall model(also known as the Brewer-Nash model), to provide a comprehensive and flexible approach to data protection. 

The security model in Salesforce is a robust framework designed to protect sensitive data and ensure user access is restricted to appropriate levels. Salesforce provides multiple layers of security to control user access to data and maintain data privacy. 

Read further for a deeper explanation of the Salesforce security model.

1. What is Salesforce Data Security?
2. Types of Organization Level Security
3. Types of Object Level Security
4. Types of Field Level Security
5. Types of Record-level Security
6. Types of Permission Sets
   1. Standard Permission Sets
   2. Custom Permission Sets

What is Salesforce Data Security?

Salesforce Data Security refers to the various mechanisms and protocols that Salesforce employs to protect the data stored within its platform. These security measures ensure that only authorized users can access specific data and perform specific actions, safeguarding sensitive information from unauthorized access.

What does the Salesforce security model look like?

The Salesforce security model is made up of different levels of security, including organization-level security, object-level security, field-level security, and record-level security. Each level addresses a specific aspect of data access and protection.

Security Level	Description	Key Mechanisms
Organization Level	Controls user access to the entire Salesforce platform	Authentication, IP Restrictions, Login Hours, Password Policies
Object Level	Controls user access to specific objects within Salesforce	Profiles, Permission Sets
Field Level	Controls user access to individual fields within an object	Profiles, Permission Sets
Record-Level	Controls user access to individual records within an object	OWD, Role Hierarchy, Sharing Rules, Manual Sharing
Permission Sets	Extend or restrict user access beyond baseline permissions set by profiles	Granular customization of access permissions

Organization Level Security

Organization level security focuses on controlling and managing user access to the entire Salesforce platform. It involves setting up and managing authentication protocols and security settings to protect the organization’s data.

Types of Organization Level Security

There are several types of organization level security mechanisms in Salesforce:

1. Authentication: Salesforce supports various authentication methods, such as single sign-on (SSO), two-factor authentication (2FA), and social sign-on, to ensure that only authorized users access the platform.
2. IP Restrictions: Administrators can restrict access to the Salesforce platform based on specific IP ranges, ensuring that users can only access the system from approved locations.
3. Login Hours: Admins can set specific login hours for users, limiting access to the platform during designated times.
4. Password Policies: Salesforce enables organizations to enforce strong password policies, such as minimum password length and complexity requirements, to enhance security.

Object Level Security

Object level security involves controlling user access to specific objects (i.e., tables) within Salesforce. It defines which objects users can view, create, edit, or delete.

Types of Object Level Security

There are two main types of object level security in Salesforce:

1. Profiles: Profiles are used to assign object-level permissions to users. They define which objects users can access and what actions they can perform on those objects.
2. Permission Sets: Permission sets are granular access controls that can be added to user profiles to extend or restrict their access to specific objects.

Field Level Security

Field level security focuses on controlling user access to individual fields (i.e., columns) within an object. This security layer allows administrators to define which fields users can view or edit.

Types of Field Level Security

Field level security in Salesforce is primarily managed through two mechanisms:

1. Profiles: Just like with object level security, profiles can be used to assign field-level permissions to users. They determine which fields users can see and edit.
2. Permission Sets: Permission sets can be used to further customize user access to specific fields, granting or restricting field visibility and editability as needed.

Record-Level Security

Record-level security controls user access to individual records (i.e., rows) within an object. This security layer ensures that users can only access the specific records they are authorized to view or edit.

Types of Record-level Security

There are four primary types of record-level security mechanisms in Salesforce:

1. Organization-Wide Defaults (OWD): OWD settings define the baseline level of access users have to records within an object. They can be set to private, public read-only, or public read/write.
2. Role Hierarchy: Salesforce uses a role hierarchy to control record access based on the user’s role within the organization. Users can access records owned by users below them in the hierarchy.
3. Sharing Rules: Sharing rules allow administrators to grant additional access to records based on specific criteria. For example, sharing rules can be used to grant access to records that belong to a certain group or meet specific conditions.
4. Manual Sharing: Manual sharing allows record owners or users with the appropriate permissions to share individual records with other users or groups manually.

Permission Sets

Permission sets are a powerful tool within the Salesforce security model. They allow administrators to extend or restrict user access beyond the baseline permissions set by their profile. Permission sets can be used to grant additional access to objects, fields, or records on a per-user basis, providing a flexible and granular approach to data security.

Types of Permission Sets

Permission sets are a versatile tool within the Salesforce security model, allowing administrators to extend or restrict user access beyond the baseline permissions provided by their profile. There are two main types of permission sets:

Standard Permission Sets

Standard permission sets are predefined by Salesforce and cannot be modified. They are designed to cover common user roles and access requirements. Some examples of standard permission sets include:

1. Read Only: Grants read-only access to most standard objects.
2. Standard User: Provides standard user access, allowing users to create, edit, and delete their own records.
3. Marketing User: Grants access to marketing-specific features and objects, such as campaigns and leads.
4. Contract Manager: Allows users to create, edit, and delete contracts and contract line items.

Custom Permission Sets

Custom permission sets are created by administrators to meet specific organizational needs. These permission sets can be tailored to provide granular access to objects, fields, and records based on the unique requirements of each user or group of users. Custom permission sets are ideal for situations where the standard permission sets do not adequately address an organization’s security needs.

In Summary

The Salesforce security model is a highly efficient and comprehensive framework that provides multiple layers of protection for sensitive data. By incorporating principles from the Clark-Wilson model, the Graham-Denning model, and the Chinese Wall model, it ensures robust control over user access to information.

The model covers various security aspects, including organization-level security, object-level security, field-level security, and record-level security, with permission sets offering granular customization of access permissions.

Salesforce’s security model effectively safeguards valuable data by offering flexible and granular control over user access. As a result, organizations can confidently utilize the Salesforce platform, knowing that their sensitive information is well-protected and available only to authorized users.