Pages

Thursday, August 21, 2014

How to use Salesforce sharing rules with Profiles?

Scenario: we have a group of people need to edit all opportunity, this user is defined by Profile. When we enable Modify All permission in the profile, it will enable Delete permission as well, which is not allowed. User in the profiles scattered around many Roles.

Thinking about to use sharing rules, but as of know Summer '14 release, sharing rules is based on Public Group and Role only. To create a new Public Group and add user to the group manually is not nice solution as admins tend to forget to add / remove user from the group.



To move all users from those Profiles to top role hierarchy is not good option, as it will open access to all other objects.

Found an idea in IdeaExchange - Sharing Settings allow Share With User or Profile

Since all point and click option is not a good option. We found it is easier to use a simple trigger to block user to delete the record.
  • Left Modify All permission enable for the Profile (which also mean Delete permission enabled)
  • Add a trigger to check what is the User Profile
  • If the Profile(s) allowed to delete might change, you can use a Custom Setting to specify the Profiles allowed, and have the trigger read the Custom Setting instead of hard coding.
Here is a snippet of the trigger for Opportunity, where you can enhance with multiple Profiles and Custom Setting

trigger StopDeleteOpportunity on Opportunity (before delete) {
    for (Opportunity opty : System.Trigger.Old) {
        String profileId = userinfo.getProfileId();
        System.Debug('userinfo.getProfileId - ' + profileId);
        String profileName=[Select Id,Name from Profile where Id=:profileId].Name;    
        System.Debug('Profile Name - ' + profileName);

        if (profileName != 'Sales Ops')
        {
            opty.addError('You are not allowed to delete Opportunity',False);
        }
    }
}


Reference:

No comments:

Post a Comment

Page-level ad