Salesforce - Control Access Records


Advertisements

In this chapter, we will learn about the Control Access Records in Salesforce. Many times, beyond the access restriction for the objects and fields, we also need to restrict access to certain records of an object. This requires setting up of access restriction for a user based on the values in the records.

Record Ownership

A unique feature of Salesforce is the ownership of every stored record. Every record in every object has a field which marks the ownership of that record. A user who needs access to this record becomes part of the profile which is same as the profile of the owner of that record.

Restriction Mechanism

Access is granted at multiple levels like Object, Field and Records. Conflicts might come up between the access levels. There may be a read access on a record but the object containing it might not have read access for a user. In such case, the access type which is more restrictive (gives less access) will be applied. So a record without access permission will remain inaccessible even when the object containing it is accessible and an Object without access permissions will remain inaccessible even when it has some records to which the user has read access.

Record Sharing Mechanism

The Saleforce platform provides four distinct mechanisms to share the records of an object with the users.

  • Organization-wide defaults
  • Manual sharing
  • Role hierarchies
  • Sharing rules

Organization-wide defaults

In this mechanism, a minimal access level is created and granted to all the users. So every user who is part of the organization, gets access to these records. Then, the access for additional records is customized by clubbing the users into role hierarchies, sharing rules and also through manual sharing with each of the user.

There are four types of sharing models which implement the organization-wide default settings.

Sr.No Settings & Result
1

Public Read/Write

All users can view, edit, and report on all records.

2

Public Read Only

All users can view and report on records but not edit them. Only the owner, and users above that role in the hierarchy, can edit those records.

3

Private

Only the record owner, and users above that role in the hierarchy, can view, edit, and report on those records.

4

Controlled by Parent

A user can perform an action (such as view, edit, or delete) on a contact based on whether he or she can perform that same action on the record associated with it.

Manual Sharing

In this access model, the record owners give the read and edit permissions to specific users. So it is a manual process in which individual or group of records are handled by the record owners. This is to be done for each user profile that needs the access.

In our subsequent chapters, we will discuss role hierarchies and sharing rules.

Useful Video Courses


Video

Salesforce Online Training

49 Lectures 3.5 hours

Manigandan Jagadeesan

Video

Salesforce Certified Administration

113 Lectures 13 hours

Eduonix Learning Solutions

Video

A Practical Guide To SFDX and Salesforce CLI

37 Lectures 3 hours

Manish Choudhari

Video

Cloud Computing with SALESFORCE HEROKU

22 Lectures 4.5 hours

Pranjal Srivastava

Video

Salesforce Report and Dashboard

43 Lectures 7 hours

Debasis Jena

Video

Salesforce Lightning Components Development Tutorial

54 Lectures 8 hours

SYED CHAND SHAH

Advertisements