Pages

Thursday, November 12, 2020

Salesforce: Controlling Record Access (Contact, Opportunity, Case)

In the previous blog, we discussed sharing record with sharing rules using Public Group & Role. In this blog, we will discuss the additional options to share records based on the object types.


Grant Access Using Hierarchies

In the Organization-Wide Defaults, we can see if Grant Access Using Hierarchies is enabled for each object. For Standard objects, this is enabled by default and cannot be disabled, while for custom objects, admin can enable/disable "Grant Access Using Hierarchies" for each object.

If Grant Access Using Hierarchies is enabled, users in the above role hierarchy will be able to access or edit the records (depend on the profile permission too).

sample: Maria Ann able to access the record, because she is assigned with the higher role hierarchy of the record owner Free Man

While if Grant Access Using Hierarchies is disabled, users in the above role hierarchy will not able to access the records of that object, unless it shared using other methods, such as sharing rules, or etc.


Access to Contact, Opportunity, and Case from Sharing Rule

Contact, Opportunity, and Case are standard objects for Sales/Service Cloud, but these 3 objects are special and different from other standard Salesforce objects, they are linked directly to Account, and admin able to configure access to records in these 3 objects based on the Account ownership.

When you create a sharing rule for Account, you will able to set Contact, Opportunity, and Case access too, so you can define Contact, Opportunity, and Case access from Account Sharing Rule.




Access to Contact, Opportunity, and Case from User Role

Each user ideally assigned with a role. In the role setting, there is an additional access setting for Contact, Opportunity, and Case. 

As the above screenshot, from Role setting in the role hierarchy, user may be able to view or edit Contact, Opportunity, and Case if the user owns the Account. This also includes users in the above role hierarchy of the record owner.



No comments:

Post a Comment

Page-level ad