Protect Your Data in Salesforce: OWD + Role Hierarchy

Posted on by admin

Study for the Administrator Certification Exam > Configuration and Setup (15%) > Protect Your Data in Salesforce > Set Organization-Wide Defaults and Create a Role Hierarchy

레코드 접근 권한순서

  • Object 권한 (Profile / Permission Set)
  • OWD (Organization-Wide Defaults) → 기본 잠금
  • Role Hierarchy → 위 사람이 아래 데이터 보기
  • Sharing Rule / Manual Sharing → 예외적으로 더 열기

OWD (Organization-Wide Defaults)

내가 소유하지 않은 레코드를 기본적으로 얼마나 볼 수 있나?

  • Private → 소유자만
  • Public Read Only → 다 볼 수 있지만 수정은 소유자만
  • Public Read/Write → 다 수정 가능
  • Controlled by Parent → 부모 따라감

Role Hierarchy

위에 있는 사람은 아래 사람 레코드를 자동으로 본다

Role과 Profile는 완전 다른것:

  • Role = 접근 범위(레코드 공유용)
  • Profile = 기능 권한

Role Hierarchy 특징:

  • org chart랑 꼭 같을 필요 없음
  • 데이터 접근 레벨 기준으로 설계
  • Manager가 팀 데이터 보게 만들 때 사용

왜 OWD를 Private로 했을까?

기본 상태
→ 직원은 자기 것만 봄

문제
→ VP / Director가 팀 데이터를 못 봄 😱

해결
→ Role Hierarchy로 위 사람에게 자동 접근 부여

이게 바로 Salesforce 보안 철학:

🔒 기본은 잠그고
🔓 필요한 사람만 열어준다

실제로 만든 Role 구조

CEO
└ VP of Services
 ├ Accounts Receivable
 └ Customer Support Director

→ VP는 두 팀 데이터 다 봄

요약

OWD = 기본 잠금
Role = 위로 공유
Sharing Rule = 옆으로 공유

Create Custom Objects

  1. Setup > Object Manager > Create > Custom Object
    • Label: Applicant
    • Plural Label: Applicants
    • Check ✅ Starts with vowel sound
    • Object Name: Applicant
    • Record Name: Applicant Name
    • Data Type: Text
    • ✅ Allow Reports
    • ✅ Allow Search
  2. Save & New
    • Label: Interviewer
    • Plural Label: Interviewers
    • Check ✅ Starts with vowel sound
    • Object Name: Interviewer
    • Record Name: Interviewer Name
    • Data Type: Text
    • ✅ Allow Reports
    • ✅ Allow Search
  3. Save & New
    • Label: Position
    • Plural Label: Positions
    • Check ✅ Starts with vowel sound
    • Object Name: Position
    • Record Name: Position Name
    • Data Type: Text
    • ✅ Allow Reports
    • ✅ Allow Search
  4. Save!

Add Fields to Position

  1. Setup > Object Manager > Position > Fields & Relationships > New
    • Data Type: Picklist
    • Field Label: Status
    • Select ✅ Enter values, with each value separated by a new line
      • New
      • Open
      • Closed
    • Check ✅ Restrict picklist to the values defined in the value set
  2. Next, Next, Save!

Organization-Wide Sharing Defaults to Private

  1. Setup > Sharing Settings > Edit
    • Applicant – Default Internal Access: Private
    • Interviewer – Default Internal Access: Private
    • Position – Default Internal Access: Private
  2. Save!

Create a Role Hierarchy

  1. Setup > Roles > Set Up Roles > Expand All > CEO > Add Role
    • Label: VP of Services
    • Role Name: VP_of_Services
  2. Save & New!
    • Label: Accounts Receivable
    • Role Name: Accounts_Receivable
    • This role reports to: VP of Services
  3. Save & New!
    • Label: Customer Support Director
    • Role Name: Customer_Support_Director
    • This role reports to: VP of Services
  4. Save & New!
    • Label: Customer Support Rep
    • Role Name: Customer_Support_Rep
    • This role reports to: Customer Support Director
  5. Save & New!
    • Label: Sales Engineer
    • Role Name: Sales_Engineer
    • This role reports to: Director, Direct Sales
  6. Save & New!
    • Label: Recruiter
    • Role Name: Recruiter
    • This role reports to: SVP, Human Resources
  7. Save!

Assign Roles

  1. Setup > Roles > Set Up Roles > Expand All > VP of Services > Assign
    • Search: All Users
    • Selected Users for VP of Services: Noah Larkin
  2. Save!
  3. Accounts Receivable > Assign
    • Search: All Users
    • Selected Users for VP of Services: Maya Lorrette
  4. Save!
  5. Sales Engineer > Assign
    • Search: All Users
    • Selected Users for VP of Services: Amy Daniels
  6. Save!
  7. Recruiter > Assign
    • Search: All Users
    • Selected Users for VP of Services: Ted Kim 
  8. Save!
  9. Customer Support Rep > Assign
    • Selected Users for VP of Services: [Your name]
  10. Save!