▶️ Profiles vs permissions vs roles
On this page
Factory Analogy for Salesforce Access Control
Let’s imagine Salesforce as a factory, and the users are employees. You can assign each user three different things — Profile, Permission, and Role — each serving a different purpose.
Profile = Job Title
-
A Profile defines the baseline functions and capabilities a user has.
-
It determines:
-
What apps, objects, tabs, and system features they can access.
-
Whether they can create, read, edit, delete records in general.
-
-
Think of it like: “Factory Worker” — they can enter the building, go to their station, and do their assigned job.
All users must have a profile.
Permission = Keys
-
Permissions are like extra keys or access cards.
-
They give more specific or additional capabilities beyond the profile.
-
You manage these using Permission Sets or Permission Set Groups.
-
Think of it like: “Only the Supervisor has the key to the back storage room, even though they share the same profile as others.”
Used to fine-tune access without changing the whole profile.
Role = Visibility in the Org
-
A Role defines who can see what — i.e., record-level access.
-
Roles are part of a hierarchy:
- Users higher up the hierarchy can see the data of users below them.
-
Think of it like: “A Manager can see their own work and the work of all Factory Workers they manage.”
Not about what you can do — but what you can **see.**