What defines whether a user can create and edit records?

The ability for a user to create and edit records is governed by object permissions. These permissions are set up within the platform to determine what actions a user can perform across various objects, such as accounts, contacts, or custom objects. Object permissions control whether a user can create new records, edit existing records, delete records, and view records belonging to a particular object type.

When a user is assigned a profile that includes specific object permissions, it defines their access level with regard to that object's functionality. For instance, if a user has "Create" and "Edit" permissions on the accounts object, they can create new accounts and edit existing ones. Consequently, if a user does not have the appropriate object permissions for a specific record type, their ability to create or edit records is restricted, regardless of other settings.

Field-level security, profile settings, and record ownership play roles in the broader context of record visibility and access, but they do not explicitly dictate the user’s ability to create or edit records in the same foundational way that object permissions do. Field-level security restricts access to specific fields within an object, profile settings define the overall permissions and access levels, and record ownership determines who has ownership of a record, which can affect access but does not