The data access security model
There are several flexible options that are available for you to control how records are accessed within your organization.
In the previous chapter, we looked at the broadest way in which you can control data by setting properties for the objects that a user can view, edit, and create through the configuration and assignment of profiles.
We also looked at the creation of fields and field-level security that is set at the profile level and is applied to records at the database level. Returning to the diagram, we will now look at the security model shown in the top-right corner of the following diagram:
To specify and set the individual records that a user can view and edit, we now look at other mechanisms that can be applied, which are setting your Organization-Wide Defaults, defining a role hierarchy, and creating sharing rules.
The following diagram shows how, with the addition of each extra feature shown, access to records is broadened:
