Sharing Settings

Introduction

Sharing settings control who can see and edit different records, such as jobs, tickets, and quotes. The settings determine how data is shared among users based on roles, teams, or specific individuals.

As the system admin, you can use organization-wide sharing defaults to lock down record access to the most restrictive level.

Sharing settings enable you to utilize:

  • Role-Based Sharing: Same role users may have automatic access to relevant records

  • Manual Sharing: Users can grant access to specific records to others when needed

  • Team Sharing: Teams or groups of users can be given access to certain records for more effective collaboration

  • Default Sharing Rules: You can set up default company wide rules to control who can view or edit records

There are four main ways of controlling who has access to records with Salesforce tools. The levels progress from most restrictive to most permissive.

Rank Level Description

Most Restrictive

Down arrow

Most Permissive

1

  • These are the most restrictive rules.

  • Define the default settings for records for each object.

2

  • Records are shared based on the organization’s defined Salesforce hierarchy

3

  • Shares records among groups of users

4

  • One-off access granted on a record-by-record basis.

  • Most permissive record access.

Prerequisites

To setup and use sharing settings, you need to:

Have these permissions Complete these tasks
and review these topics
before continuing

System Permissions:

  • Assign Permission Sets

  • Manage Internal Users

  • Manage IP Addresses

  • Manage Login Access Policies

  • Manage Password Policies

  • Manage Profiles and Permission Sets

  • Manage Roles

  • Manage Sharing

  • Manage Users

  • Reset User Passwords and Unlock Users

  • View All Users

  • View Setup and Configuration

Data Access Basics

Data Access is controlled through a combination of roles, sharing settings, and permissions ensuring users can see and edit only the data they need.

When working with…​

This access wins…​

Object access

Most permissive

Record access

Most permissive

Field access

Most restrictive

Sharing Settings Organization

Key
Takeaways

Organization-Wide Sharing Defaults

Organization-wide sharing defaults set the base level of access that users have to records they don’t own.

You can’t restrict access beyond the organization-wide sharing defaults.

For most objects, you can set the default level of record access to:

  1. Private: restricts access to all records.

  2. Public Read Only: grants users access to view all records.

  3. Public Read/Write: grants users access to view and edit all records.

When you select Private:

  • Records are only visible to record owners and those above them in the role hierarchy.

  • Set up a role hierarchy or add sharing rules to grant record access.

Child Objects

Child objects inherit their default level of access from their parent object.

You can’t change the default level of access for child objects.

Configure Organization-Wide Sharing Defaults

  1. Access FieldFX Back Office.

  2. Switch to Salesforce Classic.

  3. From Setup, enter `sharing" in the Quick Find box, then select Sharing Settings.

  4. Under Organization-Wide Defaults, click Edit.

  5. Complete the following for each object:

    1. Under Default Internal Access, select the default level of access:

      Purpose Select

      To restrict access to records

      Private

      To give users access to view but not edit records

      Public Read Only

      To give users access to view and edit records

      Public Read/Write

    2. (Optional) Deselect Grant Access Using Hierarchies to prevent automatic record access using the role hierarchy.

      If you leave this option selected, records shared with a user are also shared with users above them in the role hierarchy.

      You can only deselect this option for custom objects that don’t have a parent object (e.g. Job).

  6. Click Save.

  7. Click OK.

If you select Private as the Default Internal Access:

  • Records are visible only to record owners and those above them in the role hierarchy.

  • Set up a role hierarchy or add sharing rules to grant access to records.

You will receive an email confirmation once your sharing settings recalculate.

Role Hierarchy

Role Hierarchy provides a structured way to manage data access based on user roles. This ensures that higher-level users (like managers) automatically have access to records owned by their subordinates which can improve efficiency and security.

Advantages

  • Automatic Data Access - Users that are higher in the hierarchy can automatically view and edit records of users that are below them without needing manual sharing

  • Improved Security - Ensures lower-level users can’t access higher-level data unless intentionally allowed

  • Simplifies Sharing Rules - Reduces need for complex manual sharing settings by allowing data to flow naturally up the hierarchy

  • Better Oversight - Managers can monitor and manage work efficiently without requesting access to individual records

  • Enhances Collaboration - Team leads and supervisors can assist their teams without unnecessary access restrictions

  • Reduces Admin Burden - There is a reduced need for IT or admins to constantly adjust permissions since access is automatically granted based on roles

A role hierarchy features a series of roles ranked one above the other according to authority.

Roles control the level of access that users have to records for each object:

  • Access records owned by or shared with users below them in the hierarchy, unless specified otherwise in the organization-wide sharing defaults

  • Inherit the same data access as their subordinates for records not owned by their subordinates

  • Can’t access each other’s records in the same role level

  • Define a role hierarchy that represents data access needs, not your company’s organization chart.

  • Take time to set up the role hierarchy, as it’s the foundation for your sharing settings.

  • Simplify a role hierarchy as much as possible and don’t use more than 10 levels.

  • Always assign users to roles in the role hierarchy.

Add a Role Hierarchy

  1. Access FieldFX Back Office.

  2. Switch to Salesforce Classic.

  3. From Setup, enter manage users in the Quick Find box, then select Roles.

  4. Click Set Up Roles.

  5. Add roles to the hierarchy:

    1. Click Add Role.

    2. In Label, enter a role name.

    3. In This role reports to, select the role under which to place the role.

    4. Click Save & New.

    5. To add more roles, repeat these steps.

    6. Click Save to finish.

  6. From Setup, enter manage users in the Quick Find box, then select Roles

  7. Click Expand All

  8. Assign users to the roles:

    1. Click Assign next to the role.

    2. In Available Users, select users.

    3. Click Add.

    4. Click Save.

    5. To add other users to roles, repeat these steps.

Sharing Rules

With sharing rules you can define how records are shared beyond the default role hierarchy. You, or other admins in your org, to grant access to specific users, roles, or teams based on business needs.

Sharing rules grant users record access on an object-by-object basis.

Sharing rules grant wider record access but can’t restrict record access.

Advantages:

  • Automatic Record Sharing - Grant access to users outside the default hierarchy

  • Role & Team-Based Access - Allows sharing with specific roles, groups, or individuals

  • Flexible Permissions - You can set this to Read-Only or Read/Write Access

  • Improve Collaboration - Ensures the right people can access necessary records

Example:

A dispatcher needs access to all jobs assigned to a technician team, so a sharing rule is created to grant that access automatically.

There are two types of sharing rules:

Based on record owner

Based on criteria

Shares records owned by specific users.

Shares records based on criteria that analyzes values in the records.

Add a Sharing Rule Based on Record Owner

Prerequisite

Add a role hierarchy or add public groups.

  1. Access FieldFX Back Office.

  2. Switch to Salesforce Classic.

  3. From Setup, enter sharing in the Quick Find box, then select Sharing Settings.

  4. In Manage sharing settings for, select the object for which to add the sharing rule.

  5. Under Sharing Rules, click New.

  6. Under Step 1, enter a name for the rule.

  7. Under Step 2, select Based on record owner.

  8. Under Step 3, select the public group or role that owns the records.

  9. Under Step 4, select the public group or role with whom to share the records.

  10. Under Step 5, select:

    • Read Only to give users access to view but not edit records.

    • Read/Write to give users access to view and edit records.

  11. Click Save.

  12. Click OK.

Add a Sharing Rule Based on Criteria

Prerequisite

Add a role hierarchy or add public groups.

  1. Access FieldFX Back Office.

  2. Switch to Salesforce Classic.

  3. From Setup, enter sharing in the Quick Find box, then select Sharing Settings.

  4. In Manage sharing settings for, select the object for which to add the sharing rule.

  5. Under Sharing Rules, click New.

  6. Under Step 1, enter a name for the rule.

  7. Under Step 2, select Based on criteria.

  8. Under Step 3, select the records to share by defining criteria analyzing field values.

  9. Under Step 4, select the public group or role with whom to share the records.

  10. Under Step 5, select:

    • Read Only to give users access to view but not edit records

    • Read/Write to give users access to view and edit records

  11. Click Save.

  12. Click OK.

Public Groups

A public group is collection of users, roles, and other groups that makes it easier to manage data access and sharing rules. Instead of adding users one by one, you can assign permissions to an entire group at once.

Adding public groups reduces the number of sharing rules required.

Advantages:

  • Flexible Membership - Public groups can consist any combination of:

    • Individual users

    • Other public groups

    • Roles

    • Roles and subordinates

  • Simplified Sharing - Grants access to records without modifying role hierarchies

  • Improves Collaboration - Ensures teams, departments, or cross-functional groups can access shared data easily

  • Sharing Rule Use - Helps define who gets Read-Only or Read/Write access to records

Example:

A company creates a Field Technicians public group to quickly share job schedules with all technicians at once.

There are two ways to use public groups in sharing rules:

  • Share records with group members.

  • Share records owned by group members with other users.

Add a Public Group

  1. Access FieldFX Back Office.

  2. Switch to Salesforce Classic.

  3. From Setup, enter public group in the Quick Find box, then select Public Groups.

  4. Click New.

  5. In Label, enter a group name.

  6. (Optional) Deselect Grant Access Using Hierarchies to prevent automatic access to the public group’s records using the role hierarchy.

  7. In Search, select the type of users to include in the public group.

  8. In Available Members, select users.

  9. Click Add.

  10. Click Save.

Manual Sharing

Manual sharing grants user access to specific records on a case-by-case basis outside of default role hierarchies and sharing rules. You can use this when a user needs temporary or special access to a record.

Advantages:

  • User-Controlled Access - Individual users can share records with others as needed

  • Flexible Permissions - You can grant Read-Only or Read/Write Access

  • Overrides Default Rules - You can provide access beyond standard role hierarchies and sharing settings

  • Temporary or One-Time Sharing - Ideal for one-off collaboration without changing global settings

Example:

A field technician manually shares a job ticket with another technician to help with troubleshooting.

Share an Account

Prerequisite

You must be the record owner, in a role above the record owner, or have the permissions to share an account.

  1. Access FieldFX Back Office.

  2. Switch to Salesforce Classic

  3. Open the Accounts tab.

  4. Open the account.

  5. Click Sharing.

  6. Click Add.

  7. In Search, select the type of users with whom to share the account.

  8. In Available, select users.

  9. Click Add.

  10. In Account Access, select:

    • Read Only to give users permission to view but not edit the account

    • Read/Write to give users permission to view and edit the account

  11. Click Save.

Field-Level Security & Permissions

While Sharing Settings determine who can access a record, Field-Level Security (FLS) and Object Permissions control what users can do with the data inside those records. Even if a user has access to a record through role hierarchy, sharing rules, or manual sharing. FLS and object permissions can still limit what fields or actions they can perform.

How They
Work Together:

  1. Record Access (Share Settings) - Determines who can see a record.

    Example 1. Record Access

    A dispatcher has access to all job records assigned to field technicians.

  2. Object Permissions (Profiles & Permission Sets) - Controls whether a user can view, create, edit, or delete records.

    Example 2. Object Permissions

    A technician may only have Read-Only access to job records, while a manager can edit them.

  3. Field-Level Security (FLS) - Defines which fields within a record a user can see or edit.

    Example 3. FLS

    A field technician can view a job’s details but cannot edit pricing fields, even if they have access to the record.