This post provides an overview of two aspects of Salesforce record security that every Admin runs into almost right away — Profiles and Roles — and how they work together to control access to your data.
It is important to understand how Salesforce collects and organizes your data. Salesforce objects (Account, Contact, Opportunity, Campaign, etc) are really tables in the database. Each object has its own table. Each Salesforce record is stored in the database table for its object. A Lead record is stored in the Lead table. An Opportunity record is stored in the Opportunity table.
To view any particular data record, the Salesforce User has to be allowed to see the table in which the record is stored, and also be able to see the record itself. Without both access levels, the record is hidden from the User.
Profiles (configured under Admin Setup->Manage Users->Profiles) are used to control which Salesforce objects (database tables) are available to Users assigned to the Profile, and what actions those Users are allowed to perform on the table. Profiles grant Create, Read, Edit, and Delete permission on an object-by-object basis (Salesforce calls the edit permission "Edit", not "Write"). Salesforce provides several Standard Profiles that are configured for some general purposes. The object permissions on these Standard Profiles can't be edited, but you can use them as a starting point by cloning them into Custom Profiles that suit the needs of your org. Note that a Profile never grants access to a particular record; it only decides whether the object is visible at all and which operations are possible on it.
Roles (configured under Admin Setup->Manage Users->Roles) are used to control which Salesforce records are available to Users assigned to the Role. Unlike Profiles, a Role carries almost no configuration of its own; its meaning comes from where it sits in the hierarchy. Roles are arranged in a tree: a top-level Role can contain lower-level Roles, which can contain Roles of their own. Record access is determined by the Role of the Record Owner. Any User in a Role above the Record Owner's Role in the hierarchy will have full access to the record (for custom objects this holds only while "Grant Access Using Hierarchies" is enabled; for standard objects it is always on). Users in the same Role as the Record Owner, Users in a branch of the hierarchy that does not sit above the owner, and Users with no Role at all get nothing from the hierarchy; whether they can see or edit the record is decided by the object's Organization Wide Default and any sharing rules. Out of the box the Organization Wide Default for most standard objects is Public Read/Write, which is why a fresh org feels as if everyone can read and edit everything. Organization Wide Sharing is a topic for another time.
Working together, Profiles and Roles determine what part of your Salesforce data each User can see, and what actions the User can perform on that data. Think of them as two gates that must both open. If a User's Role places them above every Lead owner, but the User's Profile does not grant Read on the Lead object, the User will not see any Leads. If the Profile grants Edit on Leads, but record-level sharing (Organization Wide Sharing plus the Role hierarchy) gives the User only Read access to a specific Lead, the User will not be able to Edit that Lead. Deleting a record is stricter still: it needs Delete permission on the object and full access to the record, which ordinary Users only have as the owner or from a Role above the owner.
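The two-gate rule above is easy to get wrong when reasoning about a specific User, so here is a small runnable model of it. This is an added illustration written for this post, not Salesforce code or anything from the Salesforce API: the Profiles, Roles, User names and the Organization Wide Default values are constructed, and the model covers Read, Edit and Delete on an existing record (Create depends on the Profile alone, so it is left out). It assumes the behaviour the post describes plus two facts about Salesforce it does not spell out: "Grant Access Using Hierarchies" is on, and deleting needs full access to the record.

```python
"""Toy model of the two access gates: object permissions from the Profile and
record-level access from the Organization-Wide Default plus the Role hierarchy.
Constructed illustration; not Salesforce's own implementation."""
from dataclasses import dataclass
from typing import Optional

# Record-level access, ordered from least to most so levels can be compared.
NONE, READ, READ_WRITE, FULL = 0, 1, 2, 3
# Organization-Wide Default settings map onto the first three levels.
OWD_LEVEL = {"Private": NONE, "Public Read Only": READ, "Public Read/Write": READ_WRITE}


@dataclass(frozen=True)
class Profile:
    name: str
    object_perms: dict  # object API name -> subset of {"Create", "Read", "Edit", "Delete"}


@dataclass(frozen=True)
class User:
    name: str
    profile: Profile
    role: Optional[str]  # a User need not have a Role at all


@dataclass(frozen=True)
class Record:
    object_name: str
    owner: User


class RoleHierarchy:
    """Tree of Roles given as child -> parent; the top Role has parent None."""

    def __init__(self, parent_of):
        self.parent_of = dict(parent_of)

    def is_above(self, role, other):
        """True if `role` is a strict ancestor of `other` in the hierarchy."""
        cur = self.parent_of.get(other)
        while cur is not None:
            if cur == role:
                return True
            cur = self.parent_of.get(cur)
        return False  # same Role, sibling branch, or no Role: the hierarchy grants nothing


def record_level(user, record, owd, roles):
    """Gate 2: record-level access for this User on this particular Record.
    The owner and every Role above the owner's Role get Full access; everyone
    else falls back to the object's Organization-Wide Default. (Assumes
    'Grant Access Using Hierarchies' is on, as it always is for standard objects.)"""
    if record.owner == user or roles.is_above(user.role, record.owner.role):
        return FULL
    return OWD_LEVEL[owd[record.object_name]]


def effective_access(user, record, owd, roles):
    """Both gates together: an action is allowed only if the Profile grants it on
    the object AND record-level sharing grants enough access to this record."""
    obj_perms = user.profile.object_perms.get(record.object_name, set())
    if "Read" not in obj_perms:
        return set()  # object hidden by the Profile: the record is invisible
    level = record_level(user, record, owd, roles)
    allowed = set()
    if level >= READ:
        allowed.add("Read")
    if level >= READ_WRITE and "Edit" in obj_perms:
        allowed.add("Edit")
    if level >= FULL and "Delete" in obj_perms:  # deleting needs Full access to the record
        allowed.add("Delete")
    return allowed


# Constructed scenario: a three-level hierarchy, two Profiles, and one Lead owned by bob.
ROLES = RoleHierarchy({"Sales Rep": "VP Sales", "VP Sales": "CEO", "CEO": None})
OWD = {"Lead": "Public Read Only"}
SALES = Profile("Sales User", {"Lead": {"Create", "Read", "Edit", "Delete"}})
MARKETING = Profile("Marketing User", {"Campaign": {"Read"}})  # no Lead permissions at all
alice = User("alice", SALES, "CEO")        # above bob in the hierarchy
bob = User("bob", SALES, "Sales Rep")      # record owner
carol = User("carol", SALES, "Sales Rep")  # same Role as bob, Profile allows Edit
dan = User("dan", MARKETING, "VP Sales")   # above bob, but Profile hides the Lead object
LEAD = Record("Lead", owner=bob)


def demo():
    """Effective access of each constructed User to bob's Lead."""
    return {u.name: effective_access(u, LEAD, OWD, ROLES) for u in (alice, bob, carol, dan)}


if __name__ == "__main__":
    for name, actions in demo().items():
        print(f"{name:6} -> {sorted(actions) or 'no access'}")
```

Running it reproduces both cases from the text: dan sits above the owner but sees nothing because his Profile has no Read on Lead, and carol's Profile allows Edit but she only gets Read because she is a peer of the owner and the Organization Wide Default is Public Read Only. Switching `OWD["Lead"]` to "Private" hides the record from carol entirely while alice and bob are unaffected.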