User access to Objects, data, and Operations is defined by Roles and Groups with specific Permissions. You can also assign Permissions to individual users. Additionally, you can set up Data Access Rules to control access at the record level, and also configure specific Object types as read-only for all users regardless of Roles or permissions.

To efficiently assign Permissions to large numbers of users, you can create Groups. For example, you can create a Group, add a large number of users, and then easily assign all Group members the same Roles and Permissions.

You can grant Permissions to users, Roles, and Groups. When you create Permissions, keep in mind that each Permission record can be assigned to only one user, Role, or Group.

Security Groups are another access control approach. This powerful capability supports grouping users into logical sets, granting access to appropriate records, and preventing access to restricted data.