In each Salesforce organization, the administrator is the key holder: they are the guardian of the company's data and thus their main concern is protecting this valuable asset. The right object permissions shape data according to the kind of user who accesses it, while planning the right sharing strategy enables users to see only the subset of records they are authorized to read and/or write, thus delivering coherent and safe business processes.

In this chapter, we will learn about the following topics:

• How data security is handled within the Salesforce platform
• The difference between profiles and permission sets to define what users can do
• Setting up record-level security to restrict/allow access to data depending on the user's shape
• The Salesforce sharing model (from organization-wide default sharing to manual sharing), which determines which objects can be accessed by whom
• Setting up Enterprise Territory Management for a territory-based record-sharing model
• Handling sharing in Salesforce communities to give external users access to data