Salesforce.com security seems to be a topic that trips up a lot of administrators. There are a lot of ways to restrict and grant access in Salesforce: Organizational Wide Defaults (OWDs), Role Hierarchy, Sharing Rules, sharing records using Groups, Sales Teams and Account Teams, and of course those special privileges you have as a Record owner. As you can see, it’s a big topic. I’m a big fan of an “open org” – letting people see as much as possible, but there are going to be some situations where you have to lock down access to subsets of your records. If you are lucky enough to be an administrator with an open org – you can stop reading ;).
Setting the Stage
Before we dive into security, let me share a little trick that will help you validate that the security model you have in place is working as expected. To test security, you will want to log in as different Users and verify that they can see the records you expect. To do this, you first have to have that User log in and grant you, the Administrator, access to their account. That User will go to Setup > Personal Setup > Grant Login Access. Then have them fill in a date in the second section. This date determines the duration for which you can log in as that User.
Once they hit save, you can log in as the Administrator and go to Setup > Administration Setup > Manage Users > Users. You will see a Login link next to the name of the User who just granted access to the Administrator.
To log in as that User, you simply click the Login link – and presto! You’re logged in as that User.
To flip back to your Administrator account, simply click the Logout link at the top of the screen. You will revert to your Administrator account. Now that we’re set up to do some testing and troubleshooting, let’s review some concepts, starting with OWDs.
Next up, understanding Organizational Wide Defaults (OWDs)