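Access control in Salesforce (SF) is very flexible, and access permissions can be configured for many features. The overall idea of the SF system, however, is 'step-by-step, funnel-style control'.
Object-level control (Object Level Access):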
Profiles
Permission Sets
- Use Profiles to provide the baseline access. A Profile controls CRED access to objects (CREATE, READ, EDIT, DELETE).
- Use Permission Sets to grant more access.
Record-level control (Record Level Access):
Organization wide Defaults(OWD)
Role Hierarchy
Sharing Rules
Manual Sharing
Apex Sharing
- OWD settings are the baseline settings in Salesforce; OWD is the most restrictive setting.
- OWD settings provide the most restrictive settings, which can be opened up by the Role Hierarchy.
- The Role Hierarchy can be opened up by Sharing Rules.
- The Role Hierarchy and Sharing Rules provide access to records that you don't own.
Private: visible only to the record owner
Public Read: visible to everyone
Read/Write: everyone can read and write
Read/Write & Transfer: a user can read, write and transfer. Here transfer means we can transfer permissions and change the ownership.
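A simplified model of the funnel described above, as an added example that is not part of the original notes and is not Salesforce code: the object-level check (Profile plus Permission Sets) and the record-level check (OWD, then Role Hierarchy, then shares) must both pass. It assumes hierarchy access is enabled, folds Sharing Rules, Manual Sharing and Apex Sharing into one `shares` map, and covers READ and EDIT only; all class, function and user names are hypothetical.

```python
from dataclasses import dataclass, field

# Record access levels, ordered so max() picks the most permissive grant.
NONE, READ, EDIT = 0, 1, 2
OWD_LEVEL = {"Private": NONE, "Public Read": READ, "Read/Write": EDIT,
             "Read/Write & Transfer": EDIT}  # ownership transfer is not modelled

@dataclass
class User:
    name: str
    role: str
    profile_perms: set                                   # baseline CRED from the Profile
    permission_sets: list = field(default_factory=list)  # each one a set of extra perms

@dataclass
class Record:
    owner: User
    shares: dict = field(default_factory=dict)  # user name -> level from rule/manual/Apex share

def object_perms(user):
    """Object level: Profile baseline plus every Permission Set (grants only add)."""
    return user.profile_perms.union(*user.permission_sets)

def is_above(role, other, parent_of):
    """True if `role` is an ancestor of `other` in the role hierarchy."""
    while other in parent_of:
        other = parent_of[other]
        if other == role:
            return True
    return False

def record_level(user, record, owd, parent_of):
    """Record level: start at the OWD baseline, then let each layer widen it."""
    level = OWD_LEVEL[owd]
    if user.name == record.owner.name or is_above(user.role, record.owner.role, parent_of):
        level = EDIT  # the owner, or a role above the owner
    return max(level, record.shares.get(user.name, NONE))

def can(user, action, record, owd, parent_of):
    """Funnel: the action needs the object permission AND enough record access."""
    needed = {"READ": READ, "EDIT": EDIT}[action]
    return action in object_perms(user) and record_level(user, record, owd, parent_of) >= needed

# Constructed sample data (hypothetical users and roles).
ROLES = {"Rep": "Manager"}                          # child role -> parent role
alice = User("alice", "Rep", {"READ", "EDIT"})      # record owner
bob = User("bob", "Manager", {"READ"})              # above alice, read-only profile
carol = User("carol", "Rep", {"READ"}, [{"EDIT"}])  # peer, EDIT via a permission set
rec = Record(alice)
```

Under a Private OWD, bob can read but not edit alice's record because the hierarchy opens the record while his Profile lacks EDIT, and carol gets nothing until the OWD is widened or a share is added.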
Sharing Records using Apex
https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_bulk_sharing_creating_with_apex.htm