
Sharing rules in Salesforce

Concept of Sharing in Salesforce

Salesforce has often proven itself to be a dynamic and easy-to-use interface. Salesforce lets you control access to data at different levels. For example, object permissions control the access your users have to objects, and field-level security controls the access users have to fields within those objects. Sharing settings control access to data at the record level.
Sharing allows record-level access control for all custom objects and many standard objects. Administrators first set an object’s organization-wide default sharing access level, and then grant additional access through the types of sharing described below.

Methods of sharing in Salesforce

1. Managed Sharing

Managed Sharing involves sharing access granted by Force.com or the Lightning Platform based on three criteria –

Record Ownership in Salesforce

Every record is owned by a user or, optionally for custom objects, cases and leads, by a queue. The record owner is granted complete access to view, edit, share, transfer and delete the record.

Role Hierarchy in Salesforce

The role hierarchy gives users higher in the hierarchy the same level of access to records owned by or shared with users below them. As a result, users above the owner in the role hierarchy are also implicitly granted complete access to the record.
If the need arises, an exception can be introduced: this complete access can be disabled for specific custom objects. Role hierarchy access is derived at runtime and is not maintained with sharing records.

Sharing Rules in Salesforce

Administrators use sharing rules to automatically grant users in a specific group or role access to records owned by another group of users. Sharing rules represent the exceptions to organization-wide default settings. If organization-wide sharing defaults of ‘Public Read-only’ or ‘Private’ exist, additional rules can be defined that give additional users access to records that are not owned by them. Sharing rules in Salesforce can also be used to extend sharing access to users in public groups, roles or territories.

They provide particular users greater access by making automatic exceptions to the organization-wide sharing settings. Sometimes it is impossible to define a consistent group of users who need access to a particular set of records. In such cases, record owners can use manual sharing in Salesforce to give read-and-edit permission to users who would otherwise not have access to the record. Although manual sharing in Salesforce is not automated like managed sharing is, it gives record owners the flexibility to share particular records with users that need to view them.

Need for Sharing rules in Salesforce

Whenever the role hierarchy grants vertical access to data, security components are necessary to define the level of access to that data. Companies often face situations where information needs to be withheld or shared based on roles. For example, if marketing managers want an overview of all closed-won opportunities and this information is limited to sales managers by default, access can be extended to marketing specialists with the help of sharing rules.
Deciding on data availability, i.e., whether data can be seen by all users or only by a particular group within an organization, is a vital decision that affects the overall security of the organization. Hence, a robust security model must be created by using sharing rules appropriately. This facilitates horizontal access to data whenever necessary and prevents data from being stolen. It also offers limited access, thus preventing misuse of information by other users. This is how organizations use security components such as sharing rules to benefit them.
The basic objective of sharing rules is to open up horizontal access to data. Access cannot be restricted with sharing rules; if restricted access must be maintained, another security layer is necessary. Sharing rules are of two types-

Owner-based sharing rules in Salesforce open access to records owned by certain users. For example, consider a scenario in which a company’s sales manager needs to see the opportunities owned by sales managers in a different region. The sales manager of one region, call it region ‘X’, could give the sales manager of region ‘Y’ access to the opportunities he owns using owner-based sharing in Salesforce. Unlike criteria-based sharing rules, owner-based sharing rules in Salesforce share data based on the ownership of the record.

2. Manual Sharing in Salesforce

Manual sharing in Salesforce is also referred to as User-managed sharing. It allows greater flexibility than managed sharing because the record owner is allowed to share with any user or user group. It is typically used by an end-user for a single record. Full access to the record is only granted to the record owner and users above the owner in the role hierarchy; other users cannot be granted full access.

The record can also be manually shared by users who are given the ‘Modify-all’ object-level permission. Manual sharing in Salesforce is disabled when the record owner changes or if the access granted through sharing does not grant additional access beyond the object’s organization-wide sharing default access level.

For example, let us consider that a partner user wants to collaborate with the sales representative. If disabled, community users can only be seen by themselves and their superiors in the role hierarchy. Using manual sharing, you can grant the partner user read access to the sales representative. This enables both parties to interact and collaborate.
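The following model is an added example, not Salesforce code or code from the original article: it combines the grants described above (organization-wide default, record ownership, role hierarchy, owner-based sharing rules and manual shares) and reports which grant is responsible for each user's access. The role names, user names, numeric access levels and tuple layouts are constructed for illustration; criteria-based rules, public groups and territories are not modelled.

```python
from enum import IntEnum

class Access(IntEnum):
    NONE = 0
    READ = 1
    EDIT = 2
    FULL = 3  # view, edit, share, transfer and delete

# Constructed sample org: each role maps to its parent (None = top of hierarchy).
ROLE_PARENT = {"VP Sales": None, "Sales Mgr X": "VP Sales",
               "Sales Mgr Y": "VP Sales", "Rep X": "Sales Mgr X",
               "Marketing Mgr": None}
USER_ROLE = {"vp": "VP Sales", "mgr_x": "Sales Mgr X", "mgr_y": "Sales Mgr Y",
             "rep_x": "Rep X", "mkt": "Marketing Mgr"}

def is_above(role, other):
    """True if `role` sits above `other` in the role hierarchy."""
    parent = ROLE_PARENT[other]
    while parent is not None:
        if parent == role:
            return True
        parent = ROLE_PARENT[parent]
    return False

def effective_access(user, record, owd, owner_rules=(), manual_shares=()):
    """Return (level, reason); the most permissive grant always wins."""
    grants = [(owd, "organization-wide default")]
    owner = record["owner"]
    if user == owner:
        grants.append((Access.FULL, "record owner"))
    elif is_above(USER_ROLE[user], USER_ROLE[owner]):
        grants.append((Access.FULL, "role hierarchy"))  # derived, not stored
    for owner_role, target_role, level in owner_rules:
        if (USER_ROLE[owner], USER_ROLE[user]) == (owner_role, target_role):
            grants.append((level, "owner-based sharing rule"))
    for record_id, grantee, level in manual_shares:
        if (record_id, grantee) == (record["id"], user):
            # A manual share gives read or edit, never full access.
            grants.append((min(level, Access.EDIT), "manual share"))
    return max(grants, key=lambda g: g[0])

def access_review(record, owd, owner_rules=(), manual_shares=()):
    """Map each user whose access exceeds the OWD to (level name, grant)."""
    review = {}
    for user in USER_ROLE:
        level, why = effective_access(user, record, owd, owner_rules, manual_shares)
        if level > owd:
            review[user] = (level.name, why)
    return review
```

Because the result is the maximum over all grants, a rule or manual share at or below the organization-wide default changes nothing, which is why sharing rules can open access but never restrict it.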

Managed sharing provides a great amount of data security and accountability while Manual sharing provides a great amount of flexibility. There is a third means of sharing called Apex managed sharing which provides even more incentive to share data securely.