A Salesforce user is an authenticated identity in an org — a person (almost always) or a service account that signs in, owns records, and is granted access through its profile and permission sets. Each user is a row in the standard User object, with required fields like Username (which must be globally unique across all Salesforce orgs in the format of an email address) and Email.
Why “user” is the right place to start any security question
When an interviewer leads with “what is a user?”, they’re often testing whether you understand the full chain of access:
User → consumes → License
User → assigned → Profile + Permission Sets → grants → Object/Field/Apex access
User → has → Role → drives → Record visibility via the role hierarchy
User → owns → Records → which → sharing rules + manual shares can extendIf you can talk fluently about that chain, every downstream question about profiles, roles, sharing rules, and OWD becomes easier.
The pieces of a User record
| Field | What it controls |
|---|---|
| License | What features the user can even see. Salesforce, Salesforce Platform, Customer Community, etc. License determines which profiles are available. |
| Profile | A required, default bundle of permissions: object CRUD, field-level security, system permissions, login hours, IP ranges. Each user has exactly one. |
| Permission Sets (and Permission Set Groups) | Additive bundles layered on top of the profile. The modern best practice is “minimal profile + permission sets for everything else.” |
| Role | Optional. Drives the role hierarchy, which determines what records the user can see based on ownership. |
| Manager | Used by features like Approval Processes and Chatter. |
| Active | A boolean. Inactive users still consume their license seat until the org’s user limit is rebalanced — they just can’t log in. |
| IsPortalUser / UserType | Indicates whether this is an internal user or a community/portal user. |
Active vs frozen vs deactivated — these are not the same
This trips up junior candidates and even some experienced admins:
- Frozen —
Setup → Users → Freeze. Blocks login immediately, but the user still owns records and still consumes a license. Use this when an employee has resigned and you need to lock them out now, before you’ve reassigned their records. - Deactivated (
IsActive = false) — Same login block, plus the user is invisible in most lookups, but the row stays. License is freed. - Deleted — You can’t actually delete users in Salesforce. Once a user exists, they exist forever; deactivation is the closest equivalent.
This matters because a common scenario question is: “An employee just left. What do you do with their Salesforce account?” The expected answer is “freeze them first, then reassign their open records, then deactivate.”
License types — the part candidates often skip
The license type isn’t a curiosity — it caps everything else. A Customer Community license user can only see specific objects out of the box, regardless of what profile you assign. Knowing the major ones helps:
- Salesforce — full internal user, full feature access (the most expensive seat)
- Salesforce Platform — internal user, but no access to standard objects like Lead, Opportunity, Case — used for custom-only orgs
- Customer Community / Experience Cloud — external portal users (customers)
- Partner Community — external partner reps, with channel-specific features
Common interview follow-ups
- Profile vs permission set — a profile is required and every user has exactly one; permission sets are optional additive bundles. Modern best practice is minimal profile + permission sets for everything else.
- Can a user have multiple profiles? — No. One profile per user, ever. Permission sets are how you stack additional access.
- What happens to records when you deactivate a user? — Records stay where they are. Ownership doesn’t auto-transfer. This is why best practice is to reassign first, deactivate second.
- How do you handle a temporary access change for one user? — Permission set, not profile change. Profile changes affect everyone with that profile.
Verified against: Salesforce Help — User Fields, Trailhead module Manage Your Salesforce Users. Last reviewed 2026-05-17.