Salesforce allows us to control the records access and organization reports using role. In other words, you can use it to control record-level access in Salesforce. It describes how roles connect to each other. It may or may not be exactly akin to your organization hierarchy. A role can have one, more than one, or even no users assigned to it. It is best practice to ensure that every user is assigned a role when they are first added to the system.

Users who are higher in the role hierarchy will be able to see the records of people below them. Users who share the same the role or who are at the same level (for example, the VP of Sales and the VP of Marketing) cannot access each other's records:

In the preceding image, the Managing Director can see all the organization records, as they are at the top of the role hierarchy. At the same time the Sales Director and Marketing Head can't see each other's records even though both are at the same level. While the Sales Director can access the Sales Manager West and Sales Manager East records, the Marketing Head can access the Executives records. The Sales Manager West, Sales Manager, and the Executives can see only their records as these roles are lower in the role hierarchy. Users at any role level can view, edit, and report on all the data owned by or shared with users below them in the role hierarchy.