Most Salesforce security advice swings between two extremes: “turn on everything” or “eh, it’s fine.”
Real life is in the middle. You need a setup people can work with, and you need to be able to explain it to a customer, an auditor, or your own leadership without sweating.
This is the set of basics I’ve seen actually hold up.
Start by naming what matters
Pick a short list of sensitive data in your org:
- billing details
- tax identifiers
- discount overrides
- support notes
- contract documents
When everything is “sensitive,” nothing is.
Least privilege that still lets people work
Two failure modes:
- too tight → people can’t do their jobs → someone gets admin “temporarily”
- too loose → nobody can explain access → risk grows silently
The boring middle is the goal:
- profiles minimal
- permission sets for roles
- small “sharp edge” permission sets for export/overrides
Two permissions that deserve respect
Export Reports
Not glamorous, but it’s one of the most common ways data leaves.
View All / Modify All
These bypass your sharing model. Use them only when you truly mean it—and document why.
Integration users: keep them separate
Integration users should:
- not be human accounts
- have least privilege
- use managed secrets
- rotate credentials
This is not fun work. It is very visible work in audits.
A review that saves you later
Quarterly (or monthly if regulated), answer:
- who has admin-level access?
- who can export?
- who has View All on key objects?
- what folders are broadly shared?
- what integrations still exist and why?
If you do this regularly, security stops being a “cleanup project.” It becomes maintenance.
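An added example for the review above (not code from the original post): the SOQL that answers the admin, export and View All questions against standard Salesforce objects, plus a small Python helper that turns the first query's rows into one line per person. The sample rows are constructed, and Contract and Case are assumed stand-ins for whatever objects you actually named as sensitive.

```python
# Added example for the quarterly review; not code from the original post. It assumes
# standard Salesforce objects (PermissionSetAssignment, ObjectPermissions) and uses
# constructed sample rows so it runs offline.

# Who holds org-wide Modify All / View All Data, and who can export reports? Profiles
# surface as permission sets with IsOwnedByProfile = true, so one query covers both.
SOQL_SHARP_EDGES = """
SELECT Assignee.Username, PermissionSet.Label, PermissionSet.IsOwnedByProfile,
       PermissionSet.Profile.Name, PermissionSet.PermissionsModifyAllData,
       PermissionSet.PermissionsViewAllData, PermissionSet.PermissionsExportReport
FROM PermissionSetAssignment
WHERE Assignee.IsActive = true
  AND (PermissionSet.PermissionsModifyAllData = true
       OR PermissionSet.PermissionsViewAllData = true
       OR PermissionSet.PermissionsExportReport = true)"""

# Object-level View All / Modify All on the objects you named as sensitive
# (Contract and Case stand in for contract documents and support notes).
SOQL_OBJECT_ALL = """
SELECT Parent.Label, Parent.IsOwnedByProfile, Parent.Profile.Name, SobjectType,
       PermissionsViewAllRecords, PermissionsModifyAllRecords
FROM ObjectPermissions
WHERE SobjectType IN ('Contract', 'Case')
  AND (PermissionsViewAllRecords = true OR PermissionsModifyAllRecords = true)"""

SHARP_FLAGS = ("PermissionsModifyAllData", "PermissionsViewAllData", "PermissionsExportReport")

def sharp_edges_by_user(records):
    """Collapse SOQL_SHARP_EDGES rows into {username: sorted [(flag, source)]}, where
    source is the profile name for profile-owned rows, else the permission set label."""
    out = {}
    for r in records:
        ps = r["PermissionSet"]
        src = ps["Profile"]["Name"] if ps["IsOwnedByProfile"] else ps["Label"]
        for field in SHARP_FLAGS:
            if ps.get(field):  # record the flag name without its 'Permissions' prefix
                out.setdefault(r["Assignee"]["Username"], set()).add((field[11:], src))
    return {u: sorted(v) for u, v in out.items()}

# Constructed sample in the shape the REST query API returns for SOQL_SHARP_EDGES.
SAMPLE = [
    {"Assignee": {"Username": "admin@example.invalid"},
     "PermissionSet": {"Label": "System Administrator", "IsOwnedByProfile": True,
                       "Profile": {"Name": "System Administrator"}, "PermissionsModifyAllData": True,
                       "PermissionsViewAllData": True, "PermissionsExportReport": True}},
    {"Assignee": {"Username": "rep@example.invalid"},
     "PermissionSet": {"Label": "Export Reports (sharp edge)", "IsOwnedByProfile": False,
                       "Profile": None, "PermissionsModifyAllData": False,
                       "PermissionsViewAllData": False, "PermissionsExportReport": True}},
]
```

Each line of the result names the profile or permission set that granted the access, which is the thing you either document or remove.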
The point
You don’t need perfection. You need a posture you can explain, defend, and steadily improve.