Sharing Settings

Setup

To manage sharing settings, you must:

Permissions

To manage sharing settings, you need:

  • System permissions:

    • Assign Permission Sets

    • Manage Internal Users

    • Manage IP Addresses

    • Manage Login Access Policies

    • Manage Password Policies

    • Manage Profiles and Permission Sets

    • Manage Roles

    • Manage Sharing

    • Manage Users

    • Reset User Passwords and Unlock Users

    • View All Users

    • View Setup and Configuration

Basics

Sharing settings control record access.

  • Use organization-wide sharing defaults to lock down record access to the most restrictive level.

  • Use the role hierarchy, sharing rules, and manual sharing to expand record access.

There are four main ways of controlling who has access to records with Salesforce tools. The levels progress from most restrictive to most permissive.

  1. Organization-Wide Sharing Defaults

    • These are the most restrictive rules.

    • Define the default settings for records for each object.

  2. Role Hierarchy

    • Records are shared based on the organization’s defined Salesforce hierarchy

  3. Sharing Rules

    • Shares records among groups of users

  4. Manual Sharing

    • One-off access granted on a record-by-record basis.

    • Most permissive record access.

image

Data Access Basics

  • When working with object access, the most permissive access wins.

  • When working with record access, the most permissive access wins.

  • When working with field access, the most restrictive access wins.

Organization-Wide Sharing Defaults

Basics

Organization-wide sharing defaults set the base level of access that users have to records they don’t own.

You can’t restrict access beyond the organization-wide sharing defaults.

For most objects, you can set the default level of record access to:

  1. Private: restricts access to all records.

  2. Public Read Only: grants users access to view all records.

  3. Public Read/Write: grants users access to view and edit all records.

When you select Private:

  • Records are only visible to record owners and those above them in the role hierarchy.

  • Set up a role hierarchy or add sharing rules to grant record access.

Child Objects

Child objects inherit their default level of access from their parent object.

You can’t change the default level of access for child objects.

Configuring Organization-Wide Sharing Defaults

  1. Access FieldFX Back Office

  2. Switch to Salesforce Classic

  3. From Setup, enter "sharing" in the Quick Find box, then select Sharing Settings

  4. Under Organization-Wide Defaults, click Edit

  5. Complete the following for each object:

    1. Under Default Internal Access, select the default level of access:

      • Select Private to restrict access to records

      • Select Public Read Only to give users access to view but not edit records

      • Select Public Read/Write to give users access to view and edit records

    2. (Optional) Deselect Grant Access Using Hierarchies to prevent automatic record access using the role hierarchy

      If you leave this option selected, records shared with a user are also shared with users above them in the role hierarchy.

      You can only deselect this option for custom objects that don’t have a parent object (e.g. Job).

  6. Click Save

  7. Click OK

If you select Private as the Default Internal Access:

  • Records are visible only to record owners and those above them in the role hierarchy.

  • Set up a role hierarchy or add sharing rules to grant access to records.
You will receive an email confirmation once your sharing settings recalculate.

Role Hierarchy

Basics

A role hierarchy features a series of roles ranked one above the other according to authority.

Roles control the level of access that users have to records for each object:

  • Users can access records owned by or shared with users below them in the hierarchy, unless specified otherwise in the organization-wide sharing defaults.

  • Users inherit the same data access as their subordinates for records not owned by their subordinates.

  • Users in the same role level can’t access each other’s records.

Tips

  • Define a role hierarchy that represents data access needs, not your company’s organization chart.

  • Take time to set up the role hierarchy, as it’s the foundation for your sharing settings.

  • Simplify a role hierarchy as much as possible and don’t use more than 10 levels.

  • Always assign users to roles in the role hierarchy.

Adding a Role Hierarchy

  1. Access FieldFX Back Office

  2. Switch to Salesforce Classic

  3. From Setup, enter "manage users" in the Quick Find box, then select Roles

  4. Click Set Up Roles

  5. Add roles to the hierarchy:

    1. Click Add Role

    2. In Label, enter a role name

    3. In This role reports to, select the role under which to place the role

    4. Click Save & New

    5. Repeat steps b to d. Click Save to finish.

  6. From Setup, enter "manage users" in the Quick Find box, then select Roles

  7. Click Expand All

  8. Assign users to the roles:

    1. Click Assign next to the role

    2. In Available Users, select users

    3. Click Add

    4. Click Save

    5. Repeat steps a to d

Sharing Rules

Basics

Sharing rules grant users record access on an object-by-object basis.

Sharing rules grant wider record access but can’t restrict record access.

There are two types of sharing rule:

  • Based on record owner: shares records owned by specific users.

  • Based on criteria: shares records based on criteria that analyzes values in the records.

Adding a Sharing Rule Based on Record Owner

Prerequisite

Add a role hierarchy or add public groups

  1. Access FieldFX Back Office

  2. Switch to Salesforce Classic

  3. From Setup, enter "sharing" in the Quick Find box, then select Sharing Settings

  4. In Manage sharing settings for, select the object for which to add the sharing rule

  5. Under Sharing Rules, click New

  6. Under Step 1, enter a name for the rule

  7. Under Step 2, select Based on record owner

  8. Under Step 3, select the public group or role that owns the records

  9. Under Step 4, select the public group or role with whom to share the records

  10. Under Step 5, select:

    • Read Only to give users access to view but not edit records.

    • Read/Write to give users access to view and edit records.

  11. Click Save

  12. Click OK

Adding a Sharing Rule Based on Criteria

Prerequisite

Add a role hierarchy or add public groups

  1. Access FieldFX Back Office

  2. Switch to Salesforce Classic

  3. From Setup, enter "sharing" in the Quick Find box, then select Sharing Settings

  4. In Manage sharing settings for, select the object for which to add the sharing rule

  5. Under Sharing Rules, click New

  6. Under Step 1, enter a name for the rule

  7. Under Step 2, select Based on criteria

  8. Under Step 3, select the records to share by defining criteria analyzing field values

  9. Under Step 4, select the public group or role with whom to share the records

  10. Under Step 5, select:

    • Read Only to give users access to view but not edit records

    • Read/Write to give users access to view and edit records

  11. Click Save

  12. Click OK

Public Groups

Basics

A public group is collection of users to whom a sharing rule applies.

Adding public groups reduces the number of sharing rules required.

Public groups can consist any combination of:

  • Individual users

  • Other public groups

  • Roles

  • Roles and subordinates

There are two ways to use public groups in sharing rules:

  • Share records with group members.

  • Share records owned by group members with other users.

Adding a Public Group

  1. Access FieldFX Back Office

  2. Switch to Salesforce Classic

  3. From Setup, enter "public group" in the Quick Find box, then select Public Groups

  4. Click New

  5. In Label, enter a group name

  6. (Optional) Deselect Grant Access Using Hierarchies to prevent automatic access to the public group’s records using the role hierarchy

  7. In Search, select the type of users to include in the public group

  8. In Available Members, select users

  9. Click Add

  10. Click Save

Manual Sharing

Basics

Manual sharing grants

  • account access to roles or public groups on a record-by-record basis.

  • wider account access but can’t restrict account access.

Sharing an Account

Prerequisite

You must be the record owner, in a role above the record owner, or have the permissions to share an account.

  1. Access FieldFX Back Office

  2. Switch to Salesforce Classic

  3. Open the Accounts tab

  4. Open the account

  5. Click Sharing

  6. Click Add

  7. In Search, select the type of users with whom to share the account

  8. In Available, select users

  9. Click Add

  10. In Account Access, select:

    • Read Only to give users permission to view but not edit the account

    • Read/Write to give users permission to view and edit the account

  11. Click Save