mukesh gupta

Profile Roles and Sharing Setting

Hi Expert,

How would a sharing rule work in the scenario below?

Suppose I create a new object called "XXXX". Now a profile called "AAAA" doesn't have read, create, or edit permission on it.

Q1: What would happen if I create a record of object "XXXX" and share it with a user who has profile "AAAA" and give him "Edit" permission on the record? Would the user be able to see the record or edit the record? Please qualify your answer.

Q2: Can anybody explain in what order access on a record or object is granted in terms of OWD, sharing rule, role and profile?

Q3: If I set the OWD setting as Public Read/Edit on object "XXXX" but profile "AAAA" doesn't have read, create and edit permission on object "XXXX", then would the user who has profile "AAAA" be able to see and edit the records of object "XXXX"?

Q4: What would happen if profile "AAAA" has only Read permission on object "XXXX"? Would the user who has profile "AAAA" be able to see and edit ALL the records of object "XXXX"?

Q5: In order for the OWD setting to work, must the profile have at least Read permission on that particular object?

Q6: The user who is higher in the role hierarchy would get owner permission on the records created by users who are lower in the roles, meaning he can edit and delete the record as well. Is that correct?

Please share your best 

Regards
Mukesh
Best Answer chosen by mukesh gupta
Steven Nsubuga
  1. Q1 No, that user would not be able to see or edit that record because his profile does not allow him to. Insufficient privileges error.
  2. Q2 Profile determines object level access. It is the most restrictive. OWD is next, followed by role hierarchy and then sharing rules. Record access increases from OWD till Sharing.
  3. Q3 No, because the profile does not allow it.
  4. Q4 The user who has profile "AAAA" would be able to see ALL the records of object "XXXX" but would not be able to edit. Object level access is determined first, and then record level access.
  5. Q5 Yes!! Object level access is determined first, and then record level access.
  6. Q6 The user who is higher in the role hierarchy would NOT get owner permission on the records created by users who are lower in the roles BUT can view and edit and delete the record as well. Yes.
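
The order described in the answer above (object-level permission from the profile first, then record-level access from OWD, role hierarchy and sharing), as an added illustrative model that is not part of the original thread and is not Salesforce code. The function names and the set-based representation are assumptions, Q1 assumes a Private OWD, and Q4 assumes the Public Read/Edit OWD from Q3.

```python
# Simplified model of the order described in the answer above (illustration only,
# not Salesforce code). All names and the set representation are assumptions.

FULL = {"read", "edit", "delete"}
OWD_GRANTS = {
    "Private": set(),
    "Public Read Only": {"read"},
    "Public Read/Edit": {"read", "edit"},  # label as written in the question
}
SHARE_GRANTS = {None: set(), "Read": {"read"}, "Edit": {"read", "edit"}}


def record_level_access(owd, is_owner=False, above_owner_in_roles=False, share=None):
    """Record-level access: OWD is the baseline, the rest can only widen it."""
    access = set(OWD_GRANTS[owd])
    if is_owner or above_owner_in_roles:
        access |= FULL          # per the Q6 answer: view, edit and delete
    access |= SHARE_GRANTS[share]
    return access


def effective_access(profile_perms, owd, **record_ctx):
    """Object-level permissions from the profile cap whatever the record grants."""
    return set(profile_perms) & record_level_access(owd, **record_ctx)


def thread_scenarios():
    """The scenarios from the thread, keyed by question (constructed inputs)."""
    return {
        "Q1": effective_access(set(), "Private", share="Edit"),
        "Q3": effective_access(set(), "Public Read/Edit"),
        "Q4": effective_access({"read"}, "Public Read/Edit"),  # assumes Q3's OWD
        "Q6": effective_access(FULL, "Private", above_owner_in_roles=True),
        # Extra case: full object permissions but nothing opens the record.
        "no_share": effective_access(FULL, "Private"),
    }


if __name__ == "__main__":
    for question, access in thread_scenarios().items():
        print(question, sorted(access) or "no access")
```
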