Sharing Rules, Manual Sharing and Access through Hierarchy

Finally I understood that Manual Sharing and Sharing Rules are not the same.

Sharing Rules edit\create options are located under Security Controls\Sharing Settings on the bottom of the page. You have to scroll to the very end of the page to finally notice them. When you click new or edit button you will see the following screen

SharingRules

There are two types of sharing rules: the first one allows you to define a rule base on a record owner. If owner is member of any specific Public Group, has any Role, has any Role or is and internal subordinate of a person with specific role or portal subordinate, if user belongs to Managers Groups or Manager Subordinates Groups, you can select appropriate public group, role or managers group. Introducing Manager groups and subordinates groups in Spring 15 seems to be very reasonable to me, since I don’t understand why user who is above in role hierarchy but who is not direct or indirect manager of the current user should have access to records which are shared with the current user.

The other option is to use criteria-based rule. To use it you have to specify condition on either record Owner or record Creator (Created By field value) or last record modifier (Last Modified By field value) to match any value by one operator of the list (equals to, not equals to, starts with, contains, does not contain, less than, greater than, less or equal, greater or equal, includes, excludes, within) or you can use Name field or any custom field.

CriteriaBasedSR

For Professional, Enterprise, Unlimited, Performance, and Developer Editions, administrators can create up to 300 sharing rules per object, including up to 50 criteria-based rules. So keep in mind that you can’t have more than 50 criteria-based sharing rules per one object and you can’t have more than 300 sharing rules total per one object.

Meanwhile manual sharing is invoked from different place, you have to click Sharing button on the record you want to share (it should be present after Edit, Delete, Clone button; if it is not present this means either someone has removed that button from layout and you need just to put it back while editing layout or your object has public read\write access so you cannot enlarge access for any users on its records, in second case you may consider making your object private or public read only).

ManualSharing

In addition to giving access to users which belong to particular Public Group, Manager Group, Manager Subordinates Group, Role, or who is subordinate of another user with given Role, which was available for Sharing Rules, here you can also give access to particular users which may not belong to any group or role.

Also grant access through hierarchy works in different way than one may assume. It doesn’t honor Manager field on user (but new feature released in Spring 15 called Manager Group honor it).

More information about Role Hierarchy Sharing you can find in knowledge article https://patlatus.wordpress.com/2015/08/15/controlling-access-using-hierarchies-in-salesforce/ which I have copied from Salesforce documentation.

More information about Manager Groups you can find in another knowledge article https://patlatus.wordpress.com/2015/08/15/sharing-records-with-manager-groups-in-salesforce/ which I have also copied from Salesforce documentation.

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s