SF -关于权限控制的小结

SF系统对于权限的控制非常的灵活，有很多功能都可以进行访问权限的设置。但是SF系统的总体思想是，‘循序渐进的漏斗式控制’。

对于对象层面的控制 - Object Level Access,

Profiles
Permission Sets

• Use Profiles provide the baseline access. Profile控制对于对象的CRED访问权限。（CREATE, READ, EDIT, DELETE）
• Use Permission Sets grant more access.

对于记录层面的控制 - Record Level Access

Organization wide Defaults（OWD）
Role Hierarchy
Sharing Rules
Manual Sharing
Apex Sharing

• OWD settings are baseline settings in Salesforce, OWD is the most restrictive settings.
• OWD settings provides most restrictive settings which can be opened up by Role Hierarchy
• Role hierarchy can be opened by Sharing rules
• Role hierarchy and sharing rules provide access to the records that you don’t own

Private : 只有记录拥有者可见
Public Read : 所有人可见
Read/Write :- 所有人可读可写
Read/Write & Transfer : A user can read ,write and transfer. Here transfer means we can transfer permissions and change the ownership.

Sharing Records using Apex

https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_bulk_sharing_creating_with_apex.htm