Roles
In salesforce, roles are defined so as to increase the data visibility a particular user has. The data visibility can be increased using sharing rules or by building role hierarchy. Role hierarchy allows the user sitting in higher level have access of records owned by users having role lower in hierarchy. It is not mandatory that a user should have a role.
Organisation wide default sets the default access for objects, for example OWD set as private would mean that only the owner of the record can access the record. One way to grant additional access of these records to other users is through roles i.e users higher in role hierarchy would get the access of records owned by users lower in hierarchy. Other way is by writing sharing rules, wherein we can specify the logic to decide which record should be shared and with what role user. We can specify against custom objects whether the records should be shared using role hierarchy or not but this is default set for standard objects and cannot be changed. That is, standard object records will always be shared according to role hierarchy. Defining role for users is not a mandatory thing, however not defining role for a user could affect the data shown on opportunity and other reports for that user.
Summarising the points for role,
1. Role controls the level of record access user has
2. Helps extend the OWD settings for different objects
3. Sharing rules can be written to share records with particular role and subordinates
4. Defining role for user is not mandatory.
Profiles
Unlike role, profile is mandatory for every user in salesforce. You cannot have a user without a profile. It is the building pillar of the entire org. Profile states the objects/field permissions and also other permissions with in the org. It defines what a user can do within the org, it states the access settings and user permissions. Profile controls following -
- Object permissions [create, delete,read, edit permissions]
- field permissions [view, edit]
- Record type permission
- Which Apps can be viewed
- Login hours can be defined
- Ip address permissions
- Which tabs are visible
- Which page layouts can be viewed
- Classes, vf pages permissions
Salesforce provides some standard profiles with different set of permissions for each, we can create our own profiles to have permissions as per our requirement. New profile should be cloned from existing profile.
Difference between the two can be summarised as below
1. Role defines what user can see depending on the hierarchy(Helps in defining data visibility)
2. Profile defines what a user can do within the org(Defines various permissions)
3. Defining profile for a user is mandatory, role is not.
No comments:
Post a Comment