What is the Difference between Roles and Profiles in Salesforce?
Roles
In Salesforce, roles are defined to increase the data visibility a particular user has. Data visibility can be increased using sharing rules or by building a role hierarchy. The role hierarchy gives users at a higher level access to records owned by users whose roles are lower in the hierarchy. It is not mandatory for a user to have a role.
The organisation-wide default (OWD) sets the default access for objects; for example, an OWD set as private means that only the owner of a record can access it. One way to grant other users additional access to these records is through roles, i.e. users higher in the role hierarchy get access to records owned by users lower in the hierarchy. The other way is by writing sharing rules, in which we specify the logic that decides which records should be shared and with which role's users. For custom objects we can specify whether records should be shared using the role hierarchy or not, but for standard objects this is set by default and cannot be changed. That is, standard object records will always be shared according to the role hierarchy. Defining a role for a user is not mandatory; however, not defining a role for a user could affect the data shown on opportunity and other reports for that user.
Summarizing the points for roles:
1. A role controls the level of record access a user has.
2. It helps extend the OWD settings for different objects.
3. Sharing rules can be written to share records with a particular role and its subordinates.
4. Defining a role for a user is not mandatory.
Profiles
Unlike a role, a profile is mandatory for every user in Salesforce. You cannot have a user without a profile. It is the building pillar of the entire org. A profile states the object and field permissions and also other permissions within the org. It defines what a user can do within the org: it states the access settings and user permissions. A profile controls the following:
- Object permissions [create, delete, read, edit permissions]
- Field permissions [view, edit]
- Record type permissions
- Which apps can be viewed
- Login hours can be defined
- IP address permissions
- Which tabs are visible
- Which page layouts can be viewed
- Classes, VF pages permissions
Salesforce provides some standard profiles with a different set of permissions for each; we can create our own profiles to have permissions as per our requirements. A new profile should be cloned from an existing profile.
The difference between the two can be summarized as below:
1. A role defines what a user can see depending on the hierarchy (helps in defining data visibility).
2. A profile defines what a user can do within the org (defines various permissions).
3. Defining a profile for a user is mandatory; a role is not.
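The two layers described above, sketched as a simplified Python model: the profile decides whether a user can read an object at all, and the OWD, role hierarchy and sharing rules decide which records. This is an added example, not Salesforce code; the role names, the Invoice__c custom object, the sharing-rule tuple format and the order of checks are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample hierarchy: role -> parent role (None = top).
ROLE_PARENT = {"CEO": None, "Sales Manager": "CEO", "Sales Rep": "Sales Manager",
               "Support Agent": "CEO"}
# Constructed object settings. Standard objects always share via the hierarchy.
OBJECTS = {
    "Opportunity": {"owd": "private", "standard": True, "hierarchy": True},
    "Invoice__c":  {"owd": "private", "standard": False, "hierarchy": False},
}
# Constructed sharing rules: (object, owner's role, role shared with + subordinates).
SHARING_RULES = [("Invoice__c", "Sales Rep", "Support Agent")]

@dataclass
class User:
    name: str
    profile: dict                 # mandatory: object -> set of permissions
    role: Optional[str] = None    # optional: a user may have no role

def is_above(role, other):
    """True if `role` is strictly higher than `other` in the role hierarchy."""
    parent = ROLE_PARENT.get(other) if role and other else None
    while parent:
        if parent == role:
            return True
        parent = ROLE_PARENT.get(parent)
    return False

def read_access(user, obj, owner):
    """Return why `user` can or cannot read a record of `obj` owned by `owner`."""
    cfg = OBJECTS[obj]
    # Profile gate: without the object permission, no sharing grant matters.
    if "read" not in user.profile.get(obj, set()):
        return "denied: profile"
    if user.name == owner.name:
        return "granted: owner"
    if cfg["owd"] != "private":
        return "granted: OWD"
    # Role hierarchy: always on for standard objects, optional for custom ones.
    if (cfg["standard"] or cfg["hierarchy"]) and is_above(user.role, owner.role):
        return "granted: role hierarchy"
    for rule_obj, owner_role, target in SHARING_RULES:
        if (rule_obj == obj and owner.role == owner_role and user.role
                and (user.role == target or is_above(target, user.role))):
            return "granted: sharing rule"
    return "denied: no grant"
```

When reviewing access in a real org, the same questions apply in the same order: does the profile allow the object, and if so, which of OWD, role hierarchy or a sharing rule exposes the record.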