In the previous blog, we discussed sharing records with sharing rules using Public Groups and Roles. In this blog, we will discuss the additional options for sharing records based on the object type.
Grant Access Using Hierarchies
In the Organization-Wide Defaults, we can see whether Grant Access Using Hierarchies is enabled for each object. For standard objects, this is enabled by default and cannot be disabled, while for custom objects, the admin can enable or disable "Grant Access Using Hierarchies" for each object.
If Grant Access Using Hierarchies is enabled, users above the record owner in the role hierarchy will be able to access or edit the records (depending on the profile permissions too).
If Grant Access Using Hierarchies is disabled, users above the record owner in the role hierarchy will not be able to access the records of that object unless they are shared using other methods, such as sharing rules.
Access to Contact, Opportunity, and Case from Sharing Rule
Contact, Opportunity, and Case are standard objects for Sales/Service Cloud, but these three objects are special and differ from other standard Salesforce objects: they are linked directly to Account, and the admin can configure access to records in these three objects based on Account ownership.
When you create a sharing rule for Account, you will also be able to set Contact, Opportunity, and Case access, so you can define Contact, Opportunity, and Case access from the Account sharing rule.
Access to Contact, Opportunity, and Case from User Role
Each user should ideally be assigned a role. In the role settings, there is an additional access setting for Contact, Opportunity, and Case.
As shown in the screenshot above, through the role setting in the role hierarchy, a user may be able to view or edit Contact, Opportunity, and Case records if the user owns the Account. This also includes users above the record owner in the role hierarchy.
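An added example, not part of the original post: a Python sketch for reviewing the role setting described above. It assumes the role records were exported from the UserRole object with its ContactAccessForAccountOwner, OpportunityAccessForAccountOwner and CaseAccessForAccountOwner fields; the sample rows and the function names are constructed for illustration.

```python
# Constructed sample rows, shaped like the result of:
#   SELECT Id, Name, ParentRoleId, ContactAccessForAccountOwner,
#          OpportunityAccessForAccountOwner, CaseAccessForAccountOwner
#   FROM UserRole
ROLES = [
    {"Id": "R1", "Name": "CEO", "ParentRoleId": None,
     "ContactAccessForAccountOwner": "Read",
     "OpportunityAccessForAccountOwner": "Read",
     "CaseAccessForAccountOwner": "Read"},
    {"Id": "R2", "Name": "Sales Director", "ParentRoleId": "R1",
     "ContactAccessForAccountOwner": "Edit",
     "OpportunityAccessForAccountOwner": "Edit",
     "CaseAccessForAccountOwner": "None"},
    {"Id": "R3", "Name": "Sales Rep", "ParentRoleId": "R2",
     "ContactAccessForAccountOwner": "Edit",
     "OpportunityAccessForAccountOwner": "Read",
     "CaseAccessForAccountOwner": "None"},
]

CHILD_FIELDS = {
    "Contact": "ContactAccessForAccountOwner",
    "Opportunity": "OpportunityAccessForAccountOwner",
    "Case": "CaseAccessForAccountOwner",
}

def roles_above(role_id, by_id):
    """Names of the roles above role_id, nearest first (stops on a cycle)."""
    seen, names = {role_id}, []
    parent = by_id[role_id]["ParentRoleId"]
    while parent in by_id and parent not in seen:
        seen.add(parent)
        names.append(by_id[parent]["Name"])
        parent = by_id[parent]["ParentRoleId"]
    return names

def audit(roles, level="Edit"):
    """List roles whose Account owners get `level` on child records,
    with the roles above them that receive the same access."""
    by_id = {r["Id"]: r for r in roles}
    findings = []
    for role in roles:
        objects = [o for o, f in CHILD_FIELDS.items() if role.get(f) == level]
        if objects:
            findings.append({"role": role["Name"], "objects": objects,
                             "also_reaches": roles_above(role["Id"], by_id)})
    return findings

if __name__ == "__main__":
    for finding in audit(ROLES):
        print(finding)
```

Each finding names a role that grants Edit on child records through Account ownership, together with the roles above it that the hierarchy extends that access to.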
Access to Contact, Opportunity, and Case from User Role: can this be overridden from anywhere?
Profile can extend access