Skip to main content
Build the future with Agentforce at TDX in San Francisco or on Salesforce+ on March 5–6. Register now.

Restrict Access with Field-Level Security, Permission Sets, and Sharing Settings

Create Permission Sets

Permission sets grant additional permissions to specific users, on top of their existing profile permissions, without having to modify existing profiles, create new profiles, or grant an administrator profile where it's not necessary.

Create a new permission set for hiring managers.

  1. From Setup, enter Permission Sets in the Quick Find box, and select Permission Sets.
  2. Click New, and enter the details.
    • Label: Hiring Manager
    • Description: 
      • Temporary permission set for those Hiring Managers that need to interview candidates for positions in their department
    • License: Salesforce
  1. Click Save.
  2. Click Assigned Apps in the Apps section, then click Edit.
  3. Select Recruiting from the Available Apps list and click Add.
    Available Apps list for the Hiring Manager permission set
  4. Click Save.
  5. Click Down arrow iconnext to Assigned Apps and select Object Settings.
  6. Click Interviewers from the object list, and click Edit.
  7. Select Visible under Tab Settings.
  8. Select Read, Create, and Edit in the Object Permissions list.
  9. Click Save.
  10. Repeat steps 8-11 for the Job Applications, Job Postings, Job Posting Sites, Positions, and Reviews objects. Set the permissions to reflect what is shown in this table provided by Ling Wu.

Object

Tab Setting

Read

Create

Edit

Delete

Interviewers

Visible

Job Applications

Visible

Job Postings

Job Posting Sites

Visible

Positions

Visible

Reviews

 

Modify Field-Level Security

All standard objects have a predefined set of fields to capture common business information. While they can’t be deleted, field-level security can make them invisible. Field-level security controls which fields a profile or permission set can view and edit, overrides any less-restrictive field access, and controls settings in page layouts and search layouts. 

Field-level security is universally enforced regardless of how a user is accessing Salesforce—page layout, related lists, report, and so forth. For this reason, field-level security is the preferred way to secure sensitive and confidential information, like salary ranges HR recruiters and hiring managers work with in their app.

Start by setting field-level security for the Salary Range field.

  1. From Setup, click Object Manager, and click Position.
  2. Click Fields & Relationships, then click Salary Range.
  3. Click Set Field-Level Security.
  4. For HR Recruiter and System Administrator, select Visible. (Ensure Visible is deselected for all other profiles.)
  5. Click Save.

Now set permissions.

  1. From Setup, enter Permission Sets in the Quick Find box, and select Permission Sets.
  2. Click Hiring Manager.
  3. Click Object Settings in the Apps section.
  4. Click Positions in the list of object names, then click Edit.
  5. Under Field Permissions, select Read Access and Edit Access for Salary Range. Field Permissions list for hiring manager highlighting the Salary Range field with Read Access and Edit Access checked.
  6. Click Save.

Create Sharing Settings

To access a record, users must have the appropriate object permission on their profile or a permission set. By changing sharing settings from the organization-wide defaults, you set the default level of access users have to records they don't own in each object. 

Ling Wu would like job postings to be the only HR custom object with public access. Achieve this by changing the organization-wide default sharing settings.                                                                                               

Set the organization-wide defaults for Recruiting app objects.

  1. From Setup, enter Sharing Settings in the Quick Find box and click Sharing Settings.
  2. Click Edit in the Organization-Wide Defaults section.
  3. Ensure that the Default Internal Access setting for the Candidate, Interviewer, Job Application, and Position objects is set to Private.
  4. Set the Default Internal Access for the Job Posting Site object to Public Read Only.
  5. Click Save.

By creating a custom profile, creating permission sets, updating field-level security, and modifying organization-wide default sharing settings, you’ve made AW Computing’s recruiting app a more secure tool. Ling Wu can rest easy knowing that her team—and anyone else accessing the app—will only see the data they’re authorized to see.  

Note

Updating the Organization-Wide Default settings might take some time to process. After you click Verify step, if you get an error relating to any of the Organization-Wide Settings updates you just made, wait a few minutes and try again.

Share your Trailhead feedback over on Salesforce Help.

We'd love to hear about your experience with Trailhead - you can now access the new feedback form anytime from the Salesforce Help site.

Learn More Continue to Share Feedback