Record Sharing
Record Sharing is how we define records that users can view and edit across the Salesforce platform. Record sharing is a key aspect of visibility and security in the Salesforce platform.
Aspects of Record Sharing
Org Wide Defaults
Beginning at the most basic level of sharing are the Org Wide Default settings. These features change the visibility of records at the Object level.
- Controlled by Parent: Users can perform actions (such as view, edit, delete) on a record on the detail side of a master-detail relationship if they can perform the same action on all associated master records.
- Private: Only users who are granted access by ownership, permissions, role hierarchy, manual sharing, or sharing rules can access the records.
- Public Read Only: All users can view all records for the object.
- Public Read/Write: All users can view and edit all records for the object.
Role Hierarchy
The Role Hierarchy in Salesforce is a “person hierarchy” of sorts that allows Admins to define Roles/Titles to assign to users and generate a “top down” structure. The Role Hierarchy aids in sharing access by helping to define various levels of ownership.
Sharing Rules
Within the Setup menu, Admins can generate “Sharing Rules”, the rules are additive (they EXPAND) permissions to record sharing. Setting these up grants further access to records beyond the Org Wide Defaults.
Record Ownership
Regardless of all other org settings, records are visible to their inherent Owner (through the owner field) or members of the Queue assigned to be the record Owner.
Permissions
At a Profile level and Permission Set level, there are options to View All or Modify All, which further grant access beyond the Org Wide Defaults for the Objects and Users to which they are assigned.
How to Utilize
When beginning to define the Object structure of an Org, Admins should first consider the needs of the business before defining Org Wide Defaults. For objects where you want to enable cross team collaboration, setting the object to Public would be a good idea.
For objects that may contain sensitive information you only want select people to see, you may want to set it to Private. Once you have established the basis of your object structure you can begin formulating how you want to further share records.
Role Hierarchies are a great place to start with Sharing. By defining Managers, team members and individual contributors, you can begin to further refine your sharing model. For records like Opportunities, where you may want to limit records to specific teams, you could set the object to Private and then utilize the functions of the Role Hierarchy to place team members under their manager.
In this example, the team members owning the record would allow them and their manager (or anyone above them) to see the record, but maybe not their peers. If you wanted to go a step further, you could create a Sharing Rule to further share Opportunities of that type or for that particular role, to the rest of the users in that team.
Profiles and Permission sets are another way to further refine access. For a particular profile for say a Service Team, you could give it “View All” access to the Case object, allowing anyone of that profile to see all Case records, regardless of the Org Wide Defaults or Sharing Rules.
You can do the same thing via a Permission Set, where you may want to grant further access like “Modify All”. Permission Sets are more flexible than profiles, as they can be added to individual users and don’t affect everyone assigned to a particular Profile type.
Salesforce also offers the option to Manually Share a record, which means a person with view/edit rights to a record can go share it with other users and grant them visibility they may not previously have had.
Who is Impacted?
Admins
Admins are responsible for their Orgs security and should carefully consider the appropriate way(s) to grant access to records for the orgs users.
Users
Utilizing features of Record Sharing ensures that users have the appropriate access to records and are able to perform, or not perform, actions against records.
Management
Management should carefully consider Record Sharing to ensure they are enabling their teams to perform their job duties on a day-to-day basis.