Sharing rules – User Management and Security

Okay – but what if the OWD settings and Role hierarchy are not enough and you would like to give some users more rights toward some object’s records? You can of course modify the OWD setting but the changes made there will influence all Salesforce users. To add some more rights to the object’s, records you need to use the Sharing Rules feature.

Sharing Rules can open access to some records to some set of users. How does it work? Instead of talking more about theory, let’s show how it works in practice. Let’s create one sharing rule together.

We will be creating a lead sharing rule that will give Channel Sales Team members access to Leads owned by other team members. This rule makes sense when the Lead object OWD is set to private so that only record owners can see their own leads (plus people above them in the Role hierarchy) and for some reason, you would like to give all team members view access to leads owned by other users. Follow this step to create a lead sharing rule on your Salesforce team:

1. Go to Sharing Settings in Salesforce Setup.
2. Click New in the Lead Sharing Rules section.
3. For Set Label, choose Channel Sales Team Leads.
4. Select your rule type: Based on Record Owner.
5. Select which records are to be shared by going to Roles| Channel Sales Team.
6. Select users to share with by going to Roles | Channel Sales Team.
7. Select the level access for the users: Read Only.

After the sharing rule creation, you will see the Lead Sharing Rules section, as shown in the following screenshot:

Figure 6.8 – Lead sharing rule example

Okay – now that we have done the simple exercise, let’s see and explain the other options we could use when setting a Salesforce sharing rule:

• Rule Types options – there are two types available. The chosen type affects the next section, Select which records to be shared:
  • Based on record owner – The sharing will be based on the ownership of the records. For example, you can share records owned by members of some public groups or roles or roles and subordinates with other groups of users. There is no possibility of choosing a single user when setting this kind of sharing.
  • Based on criteria – The sharing will be based on records field criteria. For example, you can share only Leads on some specific status or Accounts with type equals competitor, and so on.
• Select which records to be shared – Depending on the rule type, the sharing can be based on the group or criteria, so basically records field values:
  • Group options:
    • Public Groups – The owner is part of chosen Salesforce public groups.
    • Roles – The record owner has a certain role assigned; for example, Sales Director.
    • Roles and Subordinates – The record owner has a certain role assigned or is a subordinate of this role. So, for example, if the Sales Director’s role has Sales Representatives as its subordinates, then in this case the Sales Representatives will be a part of this rule.
  • Criteria options:
    • Choose the field, operator, and value to create a records filter.
    • Set the filter logic if needed.
• Select the users to share with – Similar to the Selected to be sharedgroup options:
  • Public Groups
  • Roles
  • Roles and Subordinates
• Record access options – The final setting that will control how records mentioned in the Select which records to be shared option will be visible to users mentioned in the Select the users to share with option:
  • Read only – Users will be able to see the records mentioned in the rule. As you can see, the first option here is Read Only not Private as Private is always the option from which we would like to give some users some more access.
  • Read/write – Users will be able to see and edit records mentioned in the rule.

Tip

As you’re aware, the visibility of records is primarily governed by the ownership of the record but also strongly by the Role hierarchy. This implies that users positioned higher in the Role hierarchy will inherit record access from those beneath them in the hierarchy. Because the hierarchical sharing is already done by Salesforce Roles, in most cases, Sharing Rules are used when you need to horizontally share record visibility; for instance, among teams or groups situated on different branches of the Salesforce Role tree. A common example involves sharing access to certain records between two teams reporting to different managers. This scenario frequently occurs in customer support, where teams may need to view cases from other teams to provide support when one team is overwhelmed by the number of cases.

Okay – now that you understand how Salesforce OWD and Sharing Rules function and their impact on record visibility among users, let’s delve deeper into controlling field visibility on those records. We’ll explore this in the next section.