Interview Question

How would you explain the Salesforce security model in one clear structure?

Direct Answer

I explain it as layered control: org-level security, object access, field access, and row-level visibility.

A stronger answer connects the layers and explains that many access mistakes happen when teams confuse object permissions with record visibility.

The interviewer wants to see whether you can organize a complex topic cleanly.

A weak answer only names profiles and roles without explaining the layered model.

Give the structure first, then explain how the layers work together.

Where do permission sets fit inside that structure?