The requirement is to grant a few specific users read-only access to all Opportunity records, overriding the private organization-wide default. The most precise and secure method to achieve this is by using a permission set. The "View All" permission is an object-level permission that grants read access to all records of a specific object (in this case, Opportunity), irrespective of sharing rules or ownership. This adheres to the principle of least privilege by not granting unnecessary access to other objects or system-wide data modification capabilities. Assigning this permission via a permission set allows for targeted access for only the required users.

A. View All Data is a system-level permission that grants read access to all data in the org, which is overly permissive and violates the principle of least privilege.

B. While using a permission set is correct, granting View All Data is still too broad, as it provides access to all objects, not just the required Opportunity object.

1. Salesforce Help & Training, Object Permissions: This document distinguishes between object-level permissions. It states, "For each object, View All and Modify All...give users access to all records of that object, regardless of sharing settings." This directly supports using "View All" for the Opportunity object.

Reference: Salesforce Help, "Object Permissions," under the "Standard Object Permissions" section.

2. Salesforce Help & Training, Permission Sets: This resource explains the purpose of permission sets. "A permission set is a collection of settings and permissions that gives users access to various tools and functions...you can use permission sets to grant access to custom objects or to make a field visible or editable in a specific app." This supports using a permission set for a small group of users.

Reference: Salesforce Help, "Permission Sets," "Permission Set Concepts" section.

3. Salesforce Architects, Record-Level Security: The Architect's guide on sharing discusses how permissions can override sharing. It clarifies the difference between object-level permissions like "View All" and system-wide permissions like "View All Data," recommending the former for object-specific requirements.

Reference: Salesforce Architect's Handbook, "Record-Level Security," section on "Object Access via Profiles and Permission Sets."

4. Salesforce Help & Training, Administrative Permissions: This document details system-wide permissions. It describes "View All Data" as a permission that allows a user to "View all data for your organization, regardless of the user's permissions." This confirms that options A and B are too broad for the stated requirement.

Reference: Salesforce Help, "Administrative Permissions," entry for "View All Data."