This post provides an overview of two aspects of Salesforce record security that every Admin runs into almost right away — Profiles and Roles — and how they work together to control access to your data.
It is important to understand how Salesforce collects and organizes your data. Salesforce objects (Account, Contact, Opportunity, Campaign, etc) are really tables in the database. Each object has its own table. Each Salesforce record is stored in the database table for its object. A Lead record is stored in the Lead table. An Opportunity record is stored in the Opportunity table.
To view any particular data record, the Salesforce User has to be allowed to see the table in which the record is stored, and also be able to see the record itself. Without both access levels, the record is hidden from the User.