English 中文(简体)
Salesforce - Control Access Records
  • 时间:2024-12-22

Salesforce - Control Access Records


Previous Page Next Page  

In this chapter, we will learn about the Control Access Records in Salesforce. Many times, beyond the access restriction for the objects and fields, we also need to restrict access to certain records of an object. This requires setting up of access restriction for a user based on the values in the records.

Record Ownership

A unique feature of Salesforce is the ownership of every stored record. Every record in every object has a field which marks the ownership of that record. A user who needs access to this record becomes part of the profile which is same as the profile of the owner of that record.

Restriction Mechanism

Access is granted at multiple levels pke Object, Field and Records. Confpcts might come up between the access levels. There may be a read access on a record but the object containing it might not have read access for a user. In such case, the access type which is more restrictive (gives less access) will be appped. So a record without access permission will remain inaccessible even when the object containing it is accessible and an Object without access permissions will remain inaccessible even when it has some records to which the user has read access.

Record Sharing Mechanism

The Saleforce platform provides four distinct mechanisms to share the records of an object with the users.

    Organization-wide defaults

    Manual sharing

    Role hierarchies

    Sharing rules

Organization-wide defaults

In this mechanism, a minimal access level is created and granted to all the users. So every user who is part of the organization, gets access to these records. Then, the access for additional records is customized by clubbing the users into role hierarchies, sharing rules and also through manual sharing with each of the user.

There are four types of sharing models which implement the organization-wide default settings.

Sr.No Settings & Result
1

Pubpc Read/Write

All users can view, edit, and report on all records.

2

Pubpc Read Only

All users can view and report on records but not edit them. Only the owner, and users above that role in the hierarchy, can edit those records.

3

Private

Only the record owner, and users above that role in the hierarchy, can view, edit, and report on those records.

4

Controlled by Parent

A user can perform an action (such as view, edit, or delete) on a contact based on whether he or she can perform that same action on the record associated with it.

Manual Sharing

In this access model, the record owners give the read and edit permissions to specific users. So it is a manual process in which inspanidual or group of records are handled by the record owners. This is to be done for each user profile that needs the access.

In our subsequent chapters, we will discuss role hierarchies and sharing rules.

Advertisements