Sharing Settings
Introduction
Sharing settings control who can see and edit different records, such as jobs, tickets, and quotes. The settings determine how data is shared among users based on roles, teams, or specific individuals.
As the system admin, you can use organization-wide sharing defaults to lock down record access to the most restrictive level.
Sharing settings enable you to utilize:
-
Role-Based Sharing: Same role users may have automatic access to relevant records
-
Manual Sharing: Users can grant access to specific records to others when needed
-
Team Sharing: Teams or groups of users can be given access to certain records for more effective collaboration
-
Default Sharing Rules: You can set up default company wide rules to control who can view or edit records
There are four main ways of controlling who has access to records with Salesforce tools. The levels progress from most restrictive to most permissive.
Rank | Level | Description | |
---|---|---|---|
Most Restrictive Most Permissive |
1 |
|
|
2 |
|
||
3 |
|
||
4 |
|
Prerequisites
To setup and use sharing settings, you need to:
Have these permissions | Complete these tasks and review these topics before continuing |
||
---|---|---|---|
System Permissions:
|
Data Access Basics
Data Access is controlled through a combination of roles, sharing settings, and permissions ensuring users can see and edit only the data they need.
When working with… |
This access wins… |
Object access |
Most permissive |
Record access |
Most permissive |
Field access |
Most restrictive |
Sharing Settings Organization
Key |
|
Organization-Wide Sharing Defaults
Organization-wide sharing defaults set the base level of access that users have to records they don’t own.
You can’t restrict access beyond the organization-wide sharing defaults. |
For most objects, you can set the default level of record access to:
-
Private: restricts access to all records.
-
Public Read Only: grants users access to view all records.
-
Public Read/Write: grants users access to view and edit all records.
When you select Private:
|
Child Objects
Child objects inherit their default level of access from their parent object.
You can’t change the default level of access for child objects. |
Configure Organization-Wide Sharing Defaults
-
From Setup, enter `sharing" in the Quick Find box, then select Sharing Settings.
-
Under Organization-Wide Defaults, click Edit.
-
Complete the following for each object:
-
Under Default Internal Access, select the default level of access:
Purpose Select To restrict access to records
Private
To give users access to view but not edit records
Public Read Only
To give users access to view and edit records
Public Read/Write
-
(Optional) Deselect Grant Access Using Hierarchies to prevent automatic record access using the role hierarchy.
If you leave this option selected, records shared with a user are also shared with users above them in the role hierarchy.
You can only deselect this option for custom objects that don’t have a parent object (e.g. Job).
-
-
Click Save.
-
Click OK.
If you select Private as the Default Internal Access:
|
You will receive an email confirmation once your sharing settings recalculate. |
Role Hierarchy
Role Hierarchy provides a structured way to manage data access based on user roles. This ensures that higher-level users (like managers) automatically have access to records owned by their subordinates which can improve efficiency and security.
Advantages |
|
A role hierarchy features a series of roles ranked one above the other according to authority.
Roles control the level of access that users have to records for each object:
-
Access records owned by or shared with users below them in the hierarchy, unless specified otherwise in the organization-wide sharing defaults
-
Inherit the same data access as their subordinates for records not owned by their subordinates
-
Can’t access each other’s records in the same role level
|
Add a Role Hierarchy
-
From Setup, enter
manage users
in the Quick Find box, then select Roles. -
Click Set Up Roles.
-
Add roles to the hierarchy:
-
Click Add Role.
-
In Label, enter a role name.
-
In This role reports to, select the role under which to place the role.
-
Click Save & New.
-
To add more roles, repeat these steps.
-
Click Save to finish.
-
-
From Setup, enter
manage users
in the Quick Find box, then select Roles -
Click Expand All
-
Assign users to the roles:
-
Click Assign next to the role.
-
In Available Users, select users.
-
Click Add.
-
Click Save.
-
To add other users to roles, repeat these steps.
-
Sharing Rules
With sharing rules you can define how records are shared beyond the default role hierarchy. You, or other admins in your org, to grant access to specific users, roles, or teams based on business needs.
Sharing rules grant users record access on an object-by-object basis.
Sharing rules grant wider record access but can’t restrict record access. |
Advantages: |
|
Example: |
A dispatcher needs access to all jobs assigned to a technician team, so a sharing rule is created to grant that access automatically. |
There are two types of sharing rules:
Based on record owner |
Based on criteria |
Shares records owned by specific users. |
Shares records based on criteria that analyzes values in the records. |
Add a Sharing Rule Based on Record Owner
Prerequisite |
Add a role hierarchy or add public groups. |
-
From Setup, enter
sharing
in the Quick Find box, then select Sharing Settings. -
In Manage sharing settings for, select the object for which to add the sharing rule.
-
Under Sharing Rules, click New.
-
Under Step 1, enter a name for the rule.
-
Under Step 2, select Based on record owner.
-
Under Step 3, select the public group or role that owns the records.
-
Under Step 4, select the public group or role with whom to share the records.
-
Under Step 5, select:
-
Click Save.
-
Click OK.
Add a Sharing Rule Based on Criteria
Prerequisite |
Add a role hierarchy or add public groups. |
-
From Setup, enter
sharing
in the Quick Find box, then select Sharing Settings. -
In Manage sharing settings for, select the object for which to add the sharing rule.
-
Under Sharing Rules, click New.
-
Under Step 1, enter a name for the rule.
-
Under Step 2, select Based on criteria.
-
Under Step 3, select the records to share by defining criteria analyzing field values.
-
Under Step 4, select the public group or role with whom to share the records.
-
Under Step 5, select:
-
Click Save.
-
Click OK.
Public Groups
A public group is collection of users, roles, and other groups that makes it easier to manage data access and sharing rules. Instead of adding users one by one, you can assign permissions to an entire group at once.
Adding public groups reduces the number of sharing rules required. |
Advantages: |
|
Example: |
A company creates a Field Technicians public group to quickly share job schedules with all technicians at once. |
There are two ways to use public groups in sharing rules:
-
Share records with group members.
-
Share records owned by group members with other users.
Add a Public Group
-
From Setup, enter
public group
in the Quick Find box, then select Public Groups. -
Click New.
-
In Label, enter a group name.
-
(Optional) Deselect Grant Access Using Hierarchies to prevent automatic access to the public group’s records using the role hierarchy.
-
In Search, select the type of users to include in the public group.
-
In Available Members, select users.
-
Click Add.
-
Click Save.
Manual Sharing
Manual sharing grants user access to specific records on a case-by-case basis outside of default role hierarchies and sharing rules. You can use this when a user needs temporary or special access to a record.
Advantages: |
|
Example: |
A field technician manually shares a job ticket with another technician to help with troubleshooting. |
Share an Account
Prerequisite |
You must be the record owner, in a role above the record owner, or have the permissions to share an account. |
-
Open the Accounts tab.
-
Open the account.
-
Click Sharing.
-
Click Add.
-
In Search, select the type of users with whom to share the account.
-
In Available, select users.
-
Click Add.
-
In Account Access, select:
-
Click Save.
Field-Level Security & Permissions
While Sharing Settings determine who can access a record, Field-Level Security (FLS) and Object Permissions control what users can do with the data inside those records. Even if a user has access to a record through role hierarchy, sharing rules, or manual sharing. FLS and object permissions can still limit what fields or actions they can perform.
How They |
|
Recommended Reading
For more information, see:
FieldFX Documentation | Salesforce Documentation |
---|---|