record sharing model in salesforce
TRANSCRIPT
![Page 1: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/1.jpg)
Presented By: Sunil Kumar
Email id: [email protected]
Twitter : @sunil02kumar
Blog: http://sunil02kumar.blogspot.in/
RECORD SHARING MODEL IN SALESFORCE
![Page 2: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/2.jpg)
Module Agenda
Overview of record access.
Record Ownership.
Organization-wide Defaults.
Roles and “Group” of Users.
Sharing.
![Page 3: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/3.jpg)
Record Access
The sharing model determines access to specific records.
- Who has access?
- What level of access?
- Why they have access?
Access to records is dependent on object CRUD.
![Page 4: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/4.jpg)
Levels of Record Access
Full Access Privileges:
- View
- Edit
- Transfer Ownership
- Delete
- Share
Read/ Write Privileges:
- View
- Edit
Read-Only Privileges:
- View
Full Access
-Transfer
Ownership
-Delete
- Share
Read/Write
- Edit
Read Only
- View
![Page 5: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/5.jpg)
Ways to obtain Access to a Record
Full Access:
Owner field
- User
- Queue Member
Above user(who has ownership) in the role hierarchy
Profile Permission: “Modify All Data”
Object permission: “Modify All”
Read/Write or Read-Only Access
Organization-wide default
Above user(who has read/write or read-only access) in role hierarchy
Manually sharing
Sharing rules
Apex Sharing
Profile Permission: “View All Data”
Object Permission: “View All”
![Page 6: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/6.jpg)
Let`s compare….Profiles & the Sharing Model
Profiles
Controls access to objects(Candidates, Positions, etc.)
Controls access to fields(Candidate Name, Min Pay, Skill Required, etc.)
Sharing Model
Controls access to records(e.g., one candidate, Joe Schmoe, one position,
Black Box Tester)
So, a User`s profile might specify that a user can see candidates, but the sharing
model determines which candidates that user can see.
The sharing model determine that a user can see Joe Schmoe, but the profile
specifies which fields that user can view and edit.
![Page 7: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/7.jpg)
Module Agenda
Overview of record access.
Record Ownership.
Organization-wide Defaults.
Roles and “Group” of Users.
Sharing.
![Page 8: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/8.jpg)
Record Ownership
Most Records have an associated Owner.
- Exception: Child records in a master-detail relationship inherit access rights from parent record.
Types or Owners:
- Users
- Queues.
Record owners have Full Access.
![Page 9: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/9.jpg)
Module Agenda
Overview of record access.
Record Ownership.
Organization-wide Defaults.
Roles and “Group” of Users.
Sharing.
![Page 10: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/10.jpg)
What are Organization-wide Defaults(OWD)?
Organization-wide defaults are a security setting that defines the
baseline level of access to data records that you do not own.
They are the only way to restrict access to data in the sharing
model.
They can be defined for the custom as well as several standard
objects.
Access levels:
- Public Read/Write(all users can see and edit every record)
- Public Read- only(all users can see every record)
- Private(users can only see records that they own)
![Page 11: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/11.jpg)
Determining How to Set OWD for an Object
Questions to ask:
1. Who is the most restricted user of this object?
2. Is there ever going to be an instance of this object that this user shouldn`t
be allowed to see?
3. Is there ever going to be an instance of this object that this user shouldn`t
be allowed to edit?
![Page 12: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/12.jpg)
Organization-Wide Defaults Considerations
Child records in the master-details relationships inherit their organization-wide
defaults from their parents.
Child records in lookup relationships have independent organization-wide
defaults from their parents.
Changing organization-wide defaults can produce unintended consequences;
consider your business requirements carefully before setting your
organization-wide defaults.
Changing organization-wide defaults can potentially delete manual sharing if
that sharing is no longer needed,
- For example, Changing from Private to Public Read/Write.
![Page 13: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/13.jpg)
Module Agenda
Overview of record access.
Record Ownership.
Organization-wide Defaults.
Roles and “Group” of Users.
Sharing.
![Page 14: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/14.jpg)
Universal Containers Scenario
Universal Containers `role hierarchy
![Page 15: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/15.jpg)
What are Roles and Role Hierarchy?
A Role:
Controls the level of visibility that an organization`s data
A user may be associated to one role
The Role Hierarchy:
Controls data visibility roll up for reporting
User *usually* inherit the special privileges of data
owned by or shared with users below them in the
hierarchy
Not necessarily the company`s organization chart
![Page 16: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/16.jpg)
With Standard Objects, Access to records rolls up
through the Role Hierarchy
With Custom Objects, developers choose whether or
not access should roll up through the role hierarchy.
Determined by the Grant Access Using Hierarchies
setting on organization-wide defaults.
Role Hierarchy Considerations
![Page 17: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/17.jpg)
Knowledge Check
Assuming organization-wide defaults are set to private and Grant
Access Using Hierarchies is checked:
1. What can Cynthia Capobianco see?
2. Can Andrew Goldberg see records owned by Amy Lojack? Can
he edit them?
3. Can Megan smith edit records owned by Mario Ruiz?
![Page 18: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/18.jpg)
Public Groups
Public groups are a way of grouping together users for access.
- Can be used in a sharing rule.
- Can be used to give access to folders.
Every organization has default public group: Entire Organization.
Public Group can be made up of any combination of:
- Users.
- Roles.
- Roles and Subordinates.
- Public Groups.
Public Group membership is updated when public groups are made up of roles or
roles and subordinated, or when a user is added or removed from the role.
![Page 19: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/19.jpg)
Module Agenda
Overview of record access.
Record Ownership.
Organization-wide Defaults.
Roles and “Group” of Users.
Sharing.
![Page 20: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/20.jpg)
Universal Containers Scenario
Megan Smith`s team cannot see any reviews owned by
Andrew Goldberg`s tem.
Ben Staurt cannot see reviews written by QA or Product
Management.
Melissa Lee cannot see records for candidates she need to
interview.
![Page 21: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/21.jpg)
Sharing Rules and Manual Sharing
Sharing Rules :
- Automatic exception to organization-wide defaults for
particular group of users.
- Used to open up access to records.
- Never permitted to be more strict than organization-wide
default settings.
- Sharing can be based on record owner or criteria based.
Manual Sharing:
- Used to open up access to a specific record.
- Granted by owners, anyone above owners in the role
hierarchy, and System Administrators.
![Page 22: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/22.jpg)
Apex Sharing Reasons
Clicking the Sharing button on a record displays the various reasons
that a user might have access to a record. Examples of sharing
reasons include:
- Administrator.
- Owner
- Custom Object Sharing Rule.
Establish Apex sharing reasons allows developers to define the
reason that a user or group of users might have access to a record.
The Apex sharing reasons describe why users can access a record.
Examples might be:
- Open Position(users have access to a position record because that
position is currently open).
- Hiring Manager(User might have access to position because they are
the hiring manager on that position).
Apex sharing reasons are defined for custom objects only.
Apex sharing reasons are defined object by object.
.
![Page 23: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/23.jpg)
Sharing Records
Simple
FlexibleAutomated
Manual SharingSharing Rules
Apex Sharing
![Page 24: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/24.jpg)
Sharing and Security
Review
Permissions (Profile)
- View All Data
Record Ownership
Organization-wide Defaults
- Read-Only
- Read/write
Roles
- Above the record owner?
Sharing
- Sharing Rules.
- Manual Sharing.
- Apex Manage Sharing
Permissions(Profile)
Record Ownership
Organization Wide Default
Roles
Sharing
Yes No
YesNo
No
No
No
Yes
Yes
Yes
![Page 25: Record sharing model in salesforce](https://reader033.vdocuments.us/reader033/viewer/2022051521/5a6489f07f8b9a3b568b4c6d/html5/thumbnails/25.jpg)