Prepare for Salesforce security interview questions with this comprehensive guide. Learn about key topics like sharing rules, permission sets, profiles, field-level security, role hierarchies, and best practices to manage data access effectively.

It is important to ensure Salesforce security as a way to guarantee that your organization data will stay secured and available only to the right people. It is all about limiting access to records and features while also hiding sensitive roles or data from the people who should not see them.

  • The Sharing Rule, for instance, is one of the key mechanisms for this in Salesforce. Sharing rules are used to define permissions, such as read or edit access to specific records and allow you to target certain users or groups. Sharing rules come in two flavors — manual and automatic.
  • Manual sharing lets you share a record directly with another user when necessary while automatic sharing does so based on defined criteria, meaning users in higher-level roles automatically gain access to the records they need without requiring you as an admin to step-in each time. This provides a means of giving your team access to data without compromising on security.

By default you cannot change how users view records, but Salesforce has Profiles and Permission Sets which give you a lot more control over access. A profile is simply a default set of permissions for every user — basically, specifying what a user can and cannot do in Salesforce (specific to objects or fields).

  • Permission Sets, on the other hand, allow additional permissions to be granted above and beyond what is already permitted with the profile. Takes for example if their profile restricts access, you can broaden that access with a permission set without needing to alter the entire profile of that user. This multi-layered approach gives you added control and flexibility.

When we also include other security features like Field-Level Security (FLS), Login Hours, and IP Ranges, you are essentially building a protective wall around your data. They allow users to only see exactly what they need, when they need it—without exposing sensitive information unnecessarily to prying eyes.

It is a middle path–ensuring that the appropriate people get the access they need, without putting security at risk.

Salesforce security interview questions

Understand how Salesforce security features like manual and automatic sharing, login hours, and IP ranges help ensure data protection while providing the right level of access to users. This guide is ideal for anyone preparing for a Salesforce administrator or security-focused interview.

1. What is a Sharing Rule?

Sharing rules in Salesforce represent the permissions and exceptions to your organization. By using sharing rules we can grant access to edit, read, read/write permissions to user. Sharing Rules are of two types. They are

  1. Manual Sharing.
  2. Automatic Sharing.

2. What is Manual Sharing?

Manual sharing is the process of sharing records manually.

3. What is permission set?

Permission sets in salesforce.com are the combination of different settings and permission sets given to user to access records and files.

Note :- Manual sharing is available for only Organization wide default settings are private to the object.

4. Difference between profiles and permission sets?

Permission Sets : In this Permission sets we define the access level of the user. Generally we determine what a user can do in the applications. These are used to grant additional permission to a user.
Profiles : In Object level Security, Profiles are assigned to the user by system administrator. A profile can be assigned to many users where as a user can have only one Profile.

5. How can you define Field Dependency?

In Field dependency, we have to fields controlling filed and dependent field. When a selection is made the controlling field controls dependent picklist values.

Ex:- When a country is selected in dependent picklist then the states are available to that country. Here country is controlling field and State is dependent field.

6. How many field dependencies we can use in Visual Force page?

We can use up to 10 field dependencies in visualforce pages.

7. Tell me about Field-Level Security?

In field level security, we control the user what to see, edit, delete of a particular field in the object.

8. Briefly describe about Field-Level Security?

In field level security, we control the user what to see, edit, delete of a particular field in the object. In some situation like if we want to grant access control over Object to a user but the user should not be able to access some particular fields in that objects then we go for Field Level Security.

Field Level Security can be controlled by Profiles and Permission sets.

= > Profiles.

  • Page Layouts.
  • IP Ranges.
  • Login Hours.
  • Desktop.
  • Client Access.

= > Permission sets.

  • App Permissions.
  • Record Types.
  • Tab Settings.
  • Assigned Apps.
  • Object Permissions.
  • Field Level Security.
  • Apex Classes
  • Visual Force Pages

9. What are Login Hours and Login IP Ranges?

  • Login hours are set in an organization to restrict the user’s who tries to login before or after login hours.

To set login hours in an organization go to Setup=>Administration=>Manage users=>Profiles.

  • IP ranges are used to restrict any login attempt is done from unknown IP addresses. Usually organizations maintain login IP ranges.

To set Login IP ranges in salesforce go to Setup=>Administration Setup=>Manage Users=> Profiles.

10. What is a User Record?

User records consist key information about the user.

11. What is a Record Owner?

Record Ownership : The User or Queue who controls and have the right to access  a record.

Generally there are two types of Owners. They are

  1. Users.
  2. Queues.

12. What are Organization Wide Defaults?

  • Organization wide Defaults define the baseline level of access to data records for all users in an Organization.
  • Organization wide Defaults are used to restrict access to data(Records).
  • Organization wide Defaults(OWD) can be defined for Standard Objects and Custom Objects.

13. What is a Role and Role Hierarchy?

Salesforce uses role hierarchy to automatically to grant access to users by default. We can not edit Grant Access using Hierarchies for standard objects and can edit Grant Access using Hierarchies check box for Standard objects.

14. What is Access at the Role Level?

Access at the role level depends upon the organization wide defaults.

15. What are the different types of Sharing Rules in Salesforce and explain them?

  1. Account sharing Rule.
  2. Contact Sharing Rule.
  3. Case Sharing Rule.
  4. Opportunity sharing Rule.
  5. Lead Sharing Rule.
  6. Custom Object sharing Rule.

16. In how many ways can we share a record?

Records can be shared in 5 types they are

  1. Role Hierarchy.
  2. Organization Wide Defaults.
  3. Manual Sharing.
  4. Criteria Based Sharing Rules.
  5. Apex Sharing.

17. Best Practices of Creating Contact Sharing Rules?

Organization wide default settings are used to set red, write, read/write permissions

18. How can i provide record level access to user’s in an organisation? then what should i use from Salesforce security model?

Get more details on record level security :- Record level security in salesforce.

 19. If i want Object level accesses then what should i use from Salesforce security model?

Get more details on object level access. Object Level Security in Salesforce.

21. What are governor limits?

Governor Limits in Salesforce.com are the run time limits enforced by the apex runtime engine to write scalable and efficient code.

Read more on Governor Limits :- Governor limits in Salesfore

22. Is it possible to bypass Grant Login access using Hierarchies in case of standard objects?

Yes

23. Can we use sharing rules to restrict data access?

No, sharing rules cannot restrict data access.

24. Is it possible to create sharing rules for detail object?

No, we can create sharing rules for details objects because they don’t have owner field.