Determine the appropriate security model for a given use case (e.g. Sharing & Users, Person Accounts, Profiles, Objects).
Salesforce provides several tools to control access to data and functionality for community users. Some tools are the same for internal and external users, and others are specific for external users. The security features available depend on the community license in use.
Access to Salesforce features for external users can be controlled with profiles and permission sets.
Each external users is associated with an Account and Contact record in Salesforce. In addition, each external user has a User record with a license, a profile and none or many permission sets.
The profile and permission sets can be used to define access to Salesforce features and create, read, update, and delete (CRUD) permissions per Salesforce object.
Access to Salesforce data for external users can be controlled by standard and community-specific sharing controls. Depending on the community license type used, different controls are available.
|Sharing Tool||Community User||Community User Plus||Partner Community|
|External Org-Wide Defaults|
|Super User Access|
External org-wide defaults (OWDs) can be used to define default object access levels for external users.
Those defaults can be different for external and internal users. However, the external OWD must always be more restrictive or equal to the internal OWD. This is to avoid that external users are granted more access to an object than to internal users.
As for internal OWDs, following external OWDs are available for the Account, Contract, Asset, Contact, Case, Opportunity, Order, and User objects, as well as for custom objects:
In addition to defining default object access levels, external OWDs can also be used to configure if external users can see each other in communities. There are two checkboxes to define external user visibility:
If Portal User Visibility is enabled, portal users in the same customer or partner portal account can see each other, regardless of the organization-wide defaults. If Community User Visibility is also selected, users from the same community can see each other as well.
If Community User Visibility is enabled, community users in the same community can see each other, regardless of the organization-wide defaults. If Portal User Visibility is also selected, portal users can see other portal users from the same account as well.
Users with a Customer Community license (i.e. High-Volume Community Users) don't have a role associated with their User record. Access to Salesforce records can therefore not be controlled using the Role Hierarchy.
The Sharing Sets tool allows controlling access for those users based on their Profile and the Account or Contact associated with them. Unlike Sharing Rules, only one Sharing Set per profile and object can be defined.
Because Customer Community license users (i.e. High-Volume Community Users) don't have a role, records owned by them are also not shared with other users based on the Role Hierarchy.
Sharing Groups can be used to share records owned by those with internal Salesforce users.
Super users access lets community users access more data and records, regardless of sharing rules and organization-wide defaults. Super users can access data of other users with the same role in the partner role hierarchy.
Super user access only applies to Cases, Leads, Opportunities, and custom objects. Access to those objects must be granted thru profiles or sharing and add the tabs to the community.
Depending on the community license assigned to an external user, the user has a role.
When the first external user on a partner account is created, a role hierarchy is created for that account. This role hierarchy rolls up to the internal Account owner.
When the first external user is created on a Partner Account, a partner role hierarchy for this Account is automatically created. This partner role hierarchy rolls up to the internal Account owner in Salesforce.
The number of roles created can be configured between one to three. By default, the following three roles are created:
When converting Contacts related to the Partner Account to Partner Users, one of those three roles can be assigned. External users at a given role level can view and edit all data owned or shared with users below them in the hierarchy, regardless of the sharing model.
While the role hierarchy allows sharing records vertically across organizations, sharing rules can be used to define rules to share records across roles.
Rules can be defined with partner roles, to share records for different objects between external internal roles.
Salesforce records can be shared manually with other users. Record owners can manually select other users to share a record with. The access level of those users can be defined.
External users can be selected with manual sharing, allowing them to access manually shared records.
Some Salesforce objects support queues. Records of those objects can then be assigned to queue as the owner. A queue can have multiple members and each member in the queue has access to the record owned by the queue.
External users can be added to queues, allowing them to access records associated with queues.
Teams can be used to share Account, Opportunity, and Case records with a set of users. Team members can be added to specific records and the access level of each team member can be specified. In addition, each user can define a default team with a predefined set of users that are assigned to records owned by that user.
External users can be added in Account, Opportunity, and Case Teams, allowing them access records associated with teams.