Salesforce Profile Vs Role
Security is one of the major concerns in salesforce and this is the very talkative topic. Profile and Role is part of org security and record security.
There is a simple mantra that helps me a lot to understand: “Roles see, profiles do”.
Role = controls records a user can SEE in the hierarchy
Profile = what a user can DO
That is an oversimplification but it is the best way to start learning about profiles vs. roles in Salesforce. In this post, I will dive into the differences between the two concepts. Come with me as I take you on a journey into how Salesforce permissions work.
Profile
Let’s start with Profile, first understand what profile can do
1.User interface: Tabs, page layouts, record types, applications
2. Access to data: Field level security
3. Login hours and login IP ranges
4. Permissions: App, System, Standard/Custom object CRUD
Profiles control what users can do in your Salesforce org. This can be referred to as CRED:
- C = create
- R = read
- E = edit
- D = delete
Profile also have ultimate permissions, namely ‘Modify all data’, ‘Customize application’ that you would not want to give to any other users! (found under the ‘Administrative Permissions’ section).
Roles
Roles are one of the ways you can control access to records. They also impact reports. Roles come into play if your security model (OWDs) is set to private. Roles on the other hand help with sharing records across an organization. They work in a hierarchical fashion, giving users access to records that are owned by people lower down in the hierarchy.
Difference Between Profile and Role