Whether you are an experienced Salesforce Developer or Administrator or even if you are just starting out, you will most likely be aware of the flexibility and strength that Salesforce can offer as a Data Security System.
Access can be controlled from the Objects level or Fields. It can also be delimited at the Records level, using a range of different mechanisms such as; Roles Hierarchy or Organization-Wide Defaults (OWD), either manually or by using Sharing Rules. There is also the option to program the access to definite recordings on Apex.
How do you choose the correct access control mechanism to avoid dealing with problems afterwards?
We have produced a tactical cheat sheet that helps you if this is something that interests you. It will help you in choosing the right access control mechanisms for each individual case.
Getting back in point, why should you start Org setting from Security Settings?
The access control system is just as complex as it is flexible and high-powered. This is why it is essential to consider this from the very beginning. If not, you risk having to deal with some rather unpleasant problems later on down the line.
Have you ever attempted to find a reason for access absence of a specific user to recording in an Org with two hundred permission sets, a huge number of sharing rules and then manually set the permissions or prohibitions of an administrator who only comes in on a Thursday for a couple of hours to “set-up” an Org?
Don’t try. It’s long, it’s sad, and nobody will thank you.
In order to make the right decision about which mechanism to use, first of all, you need to think over the data model: objects, user roles, and workflows. Only when you have carefully considered all of these points, will you be ready to make your decision.
The cheat sheet we have produced will help you out here too!