Object-Level Security (OLS)

The first level of access type is Object-Level Security (OLS), as we saw previously on the profile edit page:

These kinds of operations are usually referred to as CRUD operations:

• Create
• Read
• Update (or Edit)
• Delete

Some of them respect sharing configurations while some do not:

• Read: Users can view records of this type if the sharing settings allow them to (sharing respected).
• Create: Users can create and view records (sharing respected regarding the read operation); that is, you cannot have Create without Read enabled.
• Edit: Users can edit and read records (sharing respected); there can be no Edit without Read.
• Delete: Users can read, edit, and delete records (sharing respected); there can be no Delete without Read and Edit.
• View All: Users can see all the records of this object and thus sharing is not respected.
• Modify All: Users can read, edit, delete, transfer, and run approval on all the records of this object, thereby overriding the sharing settings.

View All and Modify All work like the View All Data and Modify All Data user permissions on profiles, but there should be a better alternative to convey better access granularity to records.

Object accessibility causes the object's tab to be visible to a given user.