This week I had a relatively stressful moment in Salesforce. Being relatively new as a Salesforce Administrator I was having some trouble understanding the difference between Profiles and Roles and how someone’s profile or role can grant them access to different records. And that ended with a new employee being trained in a Sandbox not being able to access the records they needed for training for a short while.

I got it fixed, but there were a few moments of panic. Here's how I finally made sense of what was going on and what the difference between profiles and roles are in an org:

• Profiles control what a user can do (permissions, object access, field access).

• Roles control what data a user can see (record visibility via role hierarchy).

Think of it like this: your profile is your job description, and your role is where you sit on the org chart. They work together, but they’re definitely not the same thing.

This all came to a head because I set up a user with the right role but the wrong profile and didn’t realize the profile assigned to them was missing key permissions—so they could see records but not do anything with them. Total facepalm moment.

Luckily because I’m new to this, I made this mistake in a Sandbox org and not the Production org.