Types of Record Sharing

By -
What is Record Sharing?
To view or access a record in Salesforce, every user must have some permissions that is known as Sharing permissions. The permission may vary from user to user and not every user see the record in same way i.e. some user might have full access on record while other just have view permissions. 

 So let go into it and found out what are these. 

In the above image, we can see 19 different types of Sharing that can be applied on a Record. Let check how they are shared and their usage.
  1. Profile
    • Profiles are the first and basic level of access that a User have. Profile add the permission at Object Level i.e. object access, FLS, page layout access, Record types etc. 
    • Each user can have only one Profile. 
    • Setup --> Profile.
  2. Permission Set
    • After profile, permission set's are used to open up the access at Object level.
    • Permission sets are used if we need to open access for particular user or need to provide extra permission other than profiles. 
    • In Permission set, we can again provide all the set of access that we define in Profile. 
    • Permission set will be assigned to individual user's not to any group or queue. 
    • Not like Profile, a User can have multiple Permission Set which can provide him as many permission as required. 
    • Setup --> Permission Set.
    • For eg: Organization setup Profile with basic Read and View permissions, but a new User need Edit and Create permission too. if we add these permission on Profile then all the user will get the same permission. So we will create Permission set to give extra access. 
  3. OWD
    • OWD are used to provide record level access. 
    • There are 3 level of permissions namely
      • Private -- Most restrictive one
      • Public read -- User can view all the records. 
      • Public read / write -- User can view and edit any record (Most Lenient)
    • OWD are defined on a single object i.e. one OWD permission per object. 
    • If communities are enabled, we can set External OWD too that is totally separate from internal OWD sharing. 
    • Setup --> Sharing Setting --> "Object Name"
  4. Record Ownership
    • Record Ownership is the highest level of permission i.e. User having this permission can Delete, Edit, Share a record.
    • Usually the record creator is the owner of the record. But admin will change the ownership.
  5. Role Hierarchy
    • This define Record Level permission. 
    • User with higher role will automatically able to view his subordinate records, even if User do not have any access on it. 
    • Setup --> Roles
  6. Teams (Cases, Accounts & Opportunities)
    • Salesforce provides an easiest way to share a record without making any changes on user profile i.e. teams.
    • We have Teams only on three standard object and we cannot enable them for any other object. 
    • User's with Team access would automatically able to contribute on that particular record. 
    • Team access are also differentiate based on configuration setting. 
  7. Queues
    • Queues are assigned with Record ownership to provide record access. 
    • Queues are used when we need to assign a record to a group of user's and let them choose the ownership on their own. 
    • Queue ownership are defined over Service cloud.
    • For eg, a case has been created by customer and now it is assigned to particular queue so that any representative who is willing to work can pick the record and assign to himself. 
  8. Sharing Rules
    • Sharing rules are commonly known as Criteria-based sharing rules. 
    • These rules are defined under Sharing Setting. 
    • Rules are created based on some particular condition eg, country / region wise.
    • Record will automatically assign to different Group of user's if they fall under particular condition. 
    • These sharing rules do not work on Account object
  9. Groups
    • Group is just like a queue, the only difference is Group do not have email address while Queue has. 
    • Groups are also used to provide Record ownership in Criteria Based Sharing rules.
    • These are public groups 
    • See more details: Groups
  10. Territory Management
    • Territory management is used to provide record ownership for Account object. 
    • This feature is only available with Account. 
    • We need to enable Territory Management and define the conditions for assign the records to particular Queue / Group
  11. Sharing Set
    • Sharing set are the best way to share a record with Community or Portal user.
    • They are only used for external used hence not an alternative to Sharing rules. 
    • Easy to define 'User:Account' = 'Case:Account'
  12. Sharing Group
    • These are Manager Group or Personal Groups. 
    • Sharing groups are defined in case User need to provide access to a set of user's always if he is the owner of a record. 
    • See more details: Groups
  13. Super User Access
    • This access is used for Community, when we need particular User to view all the record irrespective of ownership, OWD sharing.
    • Super User Access applied only to Cases, Opportunities, Leads and Custom Objects. 
  14. Manual Sharing
    • Owner can share record with particular user or group of user's. 
    • While manual share, owner need to define level of access i.e. read or read/write
    • Manual share is enabled only if OWD is private for object. 
  15. Apex Sharing
    • Just like sharing rules (Configurable) we can have Apex sharing i.e. used to share record programmatically. 
    • For Apex sharing you need to define Apex Sharing reasons on Object level.
    • You can find the code here
  16. Implicit Sharing
    • Sharing which defined by salesforce and cannot be controller by Admins are commonly known as Implicit Sharing. 
    • Types of implicit sharing

Please share your views

~ Gaurav Garg ~
be motivated keep learning

Comments

Post a Comment

Popular posts from this blog

Salesforce Admin 201

By -
Today I am going to share Admin material which is created while I am preparing for it. Below set of questions are prepared from multiple sites and 100% accurate.  But as Salesforce is releasing thrice every year, one cannot rely on just questions. To be assure do read  Salesforce   Release Notes . 1  Universal Containers uses a custom field on the account object to capture the account credit status. The sales  team wants to display the account credit status on opportunities        Which feature should a system administrator use to meet the requirements?                •              Look-up Field                •              Roll-up summary field  ...
Read more

Account Territories

By -
Image
What is Account Territory Territory management is an account sharing system that grants access to accounts based on the characteristics of the accounts. It enables your company to structure your Salesforce data and users the same way you structure your sales territories. NOTE: same as Assignment rules for Cases and other objects, territories enables Account object sharing / assignment rules. A territory at-least provides Read access to the member irrespective of Account permissions. A user and Account can have multiple membership in territory i.e. single user can be part of multiple territory and an Account can also be a part of multiple territory. How territories can be defined in SDFC? Territory can be defined based on criteria such as: a.       Postal code b.       Industry c.        Revenue d.       Custom fields. What are the use of Territory in ...
Read more