Security 101: Profiles vs Permission Sets, FLS, and Sharing
The article outlines best practices for managing security in Salesforce by using profiles as a baseline and permission sets to grant additional permissions. It emphasizes avoiding profile sprawl by leveraging Permission Set Groups organized by role. Key implementation steps include inventorying objects and fields, defining role hierarchy, creating thin profiles with minimal permissions, and layering permission sets for object, field, and system access. It also reviews sharing mechanisms such as criteria-based sharing, teams, manual, and Apex sharing for edge cases, offering a clear strategy for building scalable and maintainable security models.
- Use profiles as a baseline with minimal permissions and login restrictions.
- Assign permissions via Permission Sets and Permission Set Groups by role.
- Inventory objects, fields, and their owners before setting permissions.
- Define role hierarchy and organization-wide defaults (OWD) carefully.
- Leverage multiple sharing tools including criteria-based and Apex sharing.
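The "Apex sharing for edge cases" item above, as an added example that is not code from the article or from Salesforce Buddy: an Apex class that grants and later revokes Read access on a hypothetical custom object Project__c (assumed to have a Private OWD) by writing its Project__Share rows, and that revokes only the rows it created so owner and role-hierarchy access is never touched.

```apex
// Added example (assumes a custom object Project__c with OWD = Private; not from the article).
// Once the OWD is below Public Read/Write the platform provides Project__Share automatically.
public with sharing class ProjectSharingService {

    // Grant one user Read access to a set of projects.
    public static List<Database.SaveResult> grantReadAccess(Set<Id> projectIds, Id userId) {
        List<Project__Share> shares = new List<Project__Share>();
        for (Id projectId : projectIds) {
            Project__Share share = new Project__Share();
            share.ParentId = projectId;        // the record being shared
            share.UserOrGroupId = userId;      // a user, public group, role or territory
            share.AccessLevel = 'Read';        // 'Read' or 'Edit'; must be above the OWD
            // RowCause Manual behaves like a manual share (the owner can see and remove it).
            // A custom Apex sharing reason defined in Setup would instead survive owner changes.
            share.RowCause = Schema.Project__Share.RowCause.Manual;
            shares.add(share);
        }
        // allOrNone = false: one duplicate or invalid row does not roll back the others
        List<Database.SaveResult> results = Database.insert(shares, false);
        for (Database.SaveResult r : results) {
            if (!r.isSuccess()) {
                for (Database.Error e : r.getErrors()) {
                    System.debug(LoggingLevel.WARN, 'Share insert failed: ' + e.getMessage());
                }
            }
        }
        return results;
    }

    // Revoke only the rows this class created; owner and role-hierarchy rows carry other
    // row causes and are left alone.
    public static void revokeReadAccess(Set<Id> projectIds, Id userId) {
        delete [
            SELECT Id FROM Project__Share
            WHERE ParentId IN :projectIds
              AND UserOrGroupId = :userId
              AND RowCause = :Schema.Project__Share.RowCause.Manual
        ];
    }
}
```

Because the class is declared `with sharing`, the running user still needs access to the parent records for the share rows to be visible to the query in revokeReadAccess.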
Strategy
- Profile = baseline; Permission Sets = grants
- Use Permission Set Groups per role; avoid an explosion of custom profiles

Steps to implement
- Inventory objects/fields and their owners
- Define role hierarchy and OWD
- Create thin profiles (login hours/IPs, minimal permissions)
- Add Permission Sets / Permission Set Groups for object and field permissions and for system permissions

Sharing tools
- Criteria-based sharing, Teams, Manual sharing, Apex sharing for edge cases

The post Security 101: Profiles vs Permission Sets, FLS, and Sharing first appeared on Salesforce Buddy.