Sharing Settings

Prerequisites

To setup and use sharing settings, you need to:

Have these permissions Complete these tasks
and review these topics
before continuing

System Permissions:

  • Assign Permission Sets

  • Manage Internal Users

  • Manage IP Addresses

  • Manage Login Access Policies

  • Manage Password Policies

  • Manage Profiles and Permission Sets

  • Manage Roles

  • Manage Sharing

  • Manage Users

  • Reset User Passwords and Unlock Users

  • View All Users

  • View Setup and Configuration

Introduction

Sharing settings control record access.

You can use organization-wide sharing defaults to lock down record access to the most restrictive level. Also you can use the role hierarchy, sharing rules, and manual sharing to expand record access.

There are four main ways of controlling who has access to records with Salesforce tools. The levels progress from most restrictive to most permissive.

Most Restrictive to
Most Permissive
Rank Level Description

Most Restrictive

1

  • These are the most restrictive rules.

  • Define the default settings for records for each object.

2

  • Records are shared based on the organization’s defined Salesforce hierarchy

3

  • Shares records among groups of users

Most Permissive

4

  • One-off access granted on a record-by-record basis.

  • Most permissive record access.

Data Access Basics

When working with…​ This access wins…​

Object access

Most permissive

Record access

Most permissive

Field access

Most restrictive

Organization-Wide Sharing Defaults

Organization-wide sharing defaults set the base level of access that users have to records they don’t own.

You can’t restrict access beyond the organization-wide sharing defaults.

For most objects, you can set the default level of record access to:

  1. Private: restricts access to all records.

  2. Public Read Only: grants users access to view all records.

  3. Public Read/Write: grants users access to view and edit all records.

When you select Private:

  • Records are only visible to record owners and those above them in the role hierarchy.

  • Set up a role hierarchy or add sharing rules to grant record access.

Child Objects

Child objects inherit their default level of access from their parent object.

You can’t change the default level of access for child objects.

Configuring Organization-Wide Sharing Defaults

  1. Access FieldFX Back Office.

  2. Switch to Salesforce Classic.

  3. From Setup, enter `sharing" in the Quick Find box, then select Sharing Settings.

  4. Under Organization-Wide Defaults, click Edit.

  5. Complete the following for each object:

    1. Under Default Internal Access, select the default level of access:

      Purpose Select

      To restrict access to records

      Private

      To give users access to view but not edit records

      Public Read Only

      To give users access to view and edit records

      Public Read/Write

    2. (Optional) Deselect Grant Access Using Hierarchies to prevent automatic record access using the role hierarchy.

      If you leave this option selected, records shared with a user are also shared with users above them in the role hierarchy.

      You can only deselect this option for custom objects that don’t have a parent object (e.g. Job).

  6. Click Save.

  7. Click OK.

If you select Private as the Default Internal Access:

  • Records are visible only to record owners and those above them in the role hierarchy.

  • Set up a role hierarchy or add sharing rules to grant access to records.

You will receive an email confirmation once your sharing settings recalculate.

Role Hierarchy

A role hierarchy features a series of roles ranked one above the other according to authority.

Roles control the level of access that users have to records for each object:

  • Users:

    • Can access records owned by or shared with users below them in the hierarchy, unless specified otherwise in the organization-wide sharing defaults.

    • Inherit the same data access as their subordinates for records not owned by their subordinates.

    • In the same role level can’t access each other’s records.

Tips

  • Define a role hierarchy that represents data access needs, not your company’s organization chart.

  • Take time to set up the role hierarchy, as it’s the foundation for your sharing settings.

  • Simplify a role hierarchy as much as possible and don’t use more than 10 levels.

  • Always assign users to roles in the role hierarchy.

Adding a Role Hierarchy

  1. Access FieldFX Back Office.

  2. Switch to Salesforce Classic.

  3. From Setup, enter manage users in the Quick Find box, then select Roles.

  4. Click Set Up Roles.

  5. Add roles to the hierarchy:

    1. Click Add Role.

    2. In Label, enter a role name.

    3. In This role reports to, select the role under which to place the role.

    4. Click Save & New.

    5. To add more roles, repeat these steps.

    6. Click Save to finish.

  6. From Setup, enter manage users in the Quick Find box, then select Roles

  7. Click Expand All

  8. Assign users to the roles:

    1. Click Assign next to the role.

    2. In Available Users, select users.

    3. Click Add.

    4. Click Save.

    5. To add other users to roles, repeat these steps.

Sharing Rules

Sharing rules grant users record access on an object-by-object basis.

Sharing rules grant wider record access but can’t restrict record access.

There are two types of sharing rule:

Based on record owner

Based on criteria

Shares records owned by specific users.

Shares records based on criteria that analyzes values in the records.

Adding a Sharing Rule Based on Record Owner

Prerequisite

Add a role hierarchy or add public groups.

  1. Access FieldFX Back Office.

  2. Switch to Salesforce Classic.

  3. From Setup, enter sharing in the Quick Find box, then select Sharing Settings.

  4. In Manage sharing settings for, select the object for which to add the sharing rule.

  5. Under Sharing Rules, click New.

  6. Under Step 1, enter a name for the rule.

  7. Under Step 2, select Based on record owner.

  8. Under Step 3, select the public group or role that owns the records.

  9. Under Step 4, select the public group or role with whom to share the records.

  10. Under Step 5, select:

    • Read Only to give users access to view but not edit records.

    • Read/Write to give users access to view and edit records.

  11. Click Save.

  12. Click OK.

Adding a Sharing Rule Based on Criteria

Prerequisite

Add a role hierarchy or add public groups.

  1. Access FieldFX Back Office.

  2. Switch to Salesforce Classic.

  3. From Setup, enter sharing in the Quick Find box, then select Sharing Settings.

  4. In Manage sharing settings for, select the object for which to add the sharing rule.

  5. Under Sharing Rules, click New.

  6. Under Step 1, enter a name for the rule.

  7. Under Step 2, select Based on criteria.

  8. Under Step 3, select the records to share by defining criteria analyzing field values.

  9. Under Step 4, select the public group or role with whom to share the records.

  10. Under Step 5, select:

    • Read Only to give users access to view but not edit records

    • Read/Write to give users access to view and edit records

  11. Click Save.

  12. Click OK.

Public Groups

A public group is collection of users to whom a sharing rule applies.

Adding public groups reduces the number of sharing rules required.

Public groups can consist any combination of:

  • Individual users

  • Other public groups

  • Roles

  • Roles and subordinates

There are two ways to use public groups in sharing rules:

  • Share records with group members.

  • Share records owned by group members with other users.

Adding a Public Group

  1. Access FieldFX Back Office.

  2. Switch to Salesforce Classic.

  3. From Setup, enter public group in the Quick Find box, then select Public Groups.

  4. Click New.

  5. In Label, enter a group name.

  6. (Optional) Deselect Grant Access Using Hierarchies to prevent automatic access to the public group’s records using the role hierarchy.

  7. In Search, select the type of users to include in the public group.

  8. In Available Members, select users.

  9. Click Add.

  10. Click Save.

Manual Sharing

Manual sharing grants:

  • account access to roles or public groups on a record-by-record basis.

  • wider account access but can’t restrict account access.

Sharing an Account

Prerequisite

You must be the record owner, in a role above the record owner, or have the permissions to share an account.

  1. Access FieldFX Back Office.

  2. Switch to Salesforce Classic

  3. Open the Accounts tab.

  4. Open the account.

  5. Click Sharing.

  6. Click Add.

  7. In Search, select the type of users with whom to share the account.

  8. In Available, select users.

  9. Click Add.

  10. In Account Access, select:

    • Read Only to give users permission to view but not edit the account

    • Read/Write to give users permission to view and edit the account

  11. Click Save.