Sales Force Trailhead - Data Security
Organization access
At the highest level, you can secure access to your organization by 1.maintaining a list of authorized users, 2.setting password policies, and 3.limiting login access to certain hours and certain locations(Network Access).
Four different levels at which you can control data access
You can configure access at the level of the organization, objects, fields, or individual records By combining security controls at different levels, you can provide just the right level of data access to thousands of users without having to specify permissions for each user individually.
Record access
by 1. Organization-wide defaults: You use organization-wide sharing settings to lock down your data to the most restrictive level, and then use the other record-level security and sharing tools to selectively give access to other users.(default is no, give access selectively) 2. Role hierarchies : open up access to those higher in the hierarchy so they inherit access to all records owned by users below them in the hierarchy. (Your boss can access whatever you can access) 3.Sharing Rule:make automatic exceptions to organization-wide defaults for particular groups of users, to give them access to records they don't own or can't normally see. 4. Manual Sharing: for example, if a recruiter going on vacation needs to temporarily assign ownership of a job application to another employee.
Object access
by user profile