Factory Analogy for Salesforce Access Control
Let’s imagine Salesforce as a factory, and the users are employees. You can assign each user three different things — Profile, Permission, and Role — each serving a different purpose.
Profile = Job Title
A Profile defines the baseline functions and capabilities a user has.
It determines:
What apps, objects, tabs, and system features they can access.
Whether they can create, read, edit, delete records in general.
Think of it like: "Factory Worker” — they can enter the building, go to their station, and do their assigned job.
All users must have a profile.
Permission = Keys
Permissions are like extra keys or access cards.
They give more specific or additional capabilities beyond the profile.
You manage these using Permission Sets or Permission Set Groups.
Think of it like: “Only the Supervisor has the key to the back storage room, even though they share the same profile as others.”
Used to fine-tune access without changing the whole profile.
Role = Visibility in the Org
A Role defines who can see what — i.e., record-level access.
Roles are part of a hierarchy:
- Users higher up the hierarchy can see the data of users below them.
Think of it like: “A Manager can see their own work and the work of all Factory Workers they manage.”
Not about what you can do — but what you can see.