Organization-Level Security:

Example: Multi-factor Authentication (MFA)

Salesforce allows administrators to enforce multi-factor authentication to add an extra layer of security. Users need to provide additional verification, such as a temporary code sent to their mobile device, in addition to their regular password.

Profile-Level Security:

Example: Object Permissions

Profiles control which objects users can access and the level of access they have. For instance, a Sales profile might have read and write access to the Opportunity object, but only read access to the Account object.

Permission Sets:

Example: Field Permissions

Permission sets allow administrators to extend user permissions without changing profiles. For example, a user with a standard profile might get additional write access to specific fields through a permission set.

Record-Level Security:

Example: Organization-Wide Defaults (OWD)

OWD settings control the default level of access users have to records. For example, you can set the default sharing settings for an object to "Private," ensuring that only the record owner and users with appropriate sharing rules can access the record.

Role Hierarchy:

__Example: Managerial Access __

The role hierarchy allows for the creation of a hierarchical structure within an organization. Users at higher levels in the hierarchy inherit the access permissions of users below them. This is often used to grant managers access to the records owned by their subordinates.

Sharing Rules:

Example: Territory-Based Access

Sharing rules are used to extend access to records for a particular group of users. For instance, you can create sharing rules to give a specific team access to records owned by users in a particular territory.

Field-Level Security:

Example: Read-Only Fields

Field-level security lets administrators restrict access to certain fields on objects. For example, a custom salary field may be marked as read-only for certain profiles to maintain confidentiality.

Apex Sharing:

Example: Custom Sharing Logic

For complex sharing scenarios, organizations can use Apex sharing to programmatically define custom sharing rules based on their business requirements.

IP Whitelisting:

Example: Restricting Access to Trusted Networks

Salesforce allows organizations to set up IP whitelisting, ensuring that users can only access Salesforce from specified IP addresses or ranges.

Login Hours and Login IP Ranges:

Example: Restricting Login Times and Locations

Administrators can define specific hours during which users are allowed to log in, and also restrict access to Salesforce based on IP ranges.

By combining these different levels of security in Salesforce, organizations can tailor access controls to meet their specific needs and ensure a secure and compliant environment.