Force.com: User vs Account vs Role vs Profile vs Owner
I'm starting out with force.com development, and I'm currently a little hazy about what the above terms all mean. Could someone give an overview, and if possible explain how permissions are defined on each one (if at all)?
Answer
- User: a user who can login to Salesforce. Also includes customer and partner portal users.
- Account: a business account, which usually represents a company and usually has child contacts (i.e. people in the company)
- Role: a hierarchical group users in an organization that is used as part of the sharing model. Users in higher roles have rights to see the records owned by users in lower roles (assuming their Profile allows it). Users do not have to belong to a role.
- Profile: a collection of permissions and access rights for a user including CRUD permissions. A user must belong to exactly one profile. Also see about Permission Sets, which are a many-to-many relationship with users and augment profiles.
- Owner: A user or group (queue) that owns a record. Record ownership along with the role hierarchy (and a few other things) control who can see the record.
To put it all together, you could say something like:
John Doe is a salesperson for ABC, Inc, and is a user in their organization. He is the owner of the Acme account. He has the Salesperson role, which is subordinate to the Sales Manager role, so his manager can see all his records. He has the Standard User profile, so he cannot perform administrative functions in Salesforce.
I'd also recommend that you take a look at the API doc, which explains all the entities and has relationship diagrams.