Permission sets are what should be used to allow additional field-level access to individual

employees based on their job duties. Permission sets are a type of metadata that grant additional

access and permissions to users based on their functional or departmental needs. Permission sets

can include field-level security settings that allow read or edit access to specific fields on an object.

Permission sets can be assigned to multiple users, regardless of their profile. Individual profiles are a

type of metadata that define the baseline access and permissions for users based on their license

type and job function. Profiles include field-level security settings that allow read or edit access to

fields on an object. Profiles cannot be assigned to individual users, but to a group of users who share

the same license and job function. Role hierarchy is a type of metadata that define the level of access

and visibility of records for users based on their position in the organization. Role hierarchy allows

users to access records owned by or shared with users below them in the hierarchy. Role hierarchy

does not affect field-level access, but record-level access.