+ Start a Discussion
Rajesh-SFDCRajesh-SFDC 

Sharing rules in Salesforce

Hi Everybody,

I am new to salesforce security just wanted to have understanding on Sharing rules i have below doubt 
a) Suppose we have CEO Role at highest level and Recruitment Manager at lowest level of CEO and CEO have all object access what Recuritment manger Have and for all object Grant Access Using Hierarchies in org default is selcted my doubt is whether the record will be accesible to CEO what Recruitment Manager created or do we need to create sharing rules ?
b) What is the sharing rule and Manual Sharing Rule ?
 
SFDC Coder 1SFDC Coder 1
Hi Rajesh,

Below links of trailhead can help you in understanding the Sharing rule .
https://trailhead.salesforce.com/force_com_dev_beginner/data_security/data_security_roles
https://trailhead.salesforce.com/force_com_dev_beginner/data_security/data_security_sharing_rules


And the answer your questions are given below.
a)No, you do not have to create sharing rule.  Data security will be handled by the Grant Access Using Hierarchies.
b)Link(https://success.salesforce.com/apex/answers?id=90630000000hvFmAAI) will help you in understanding the difference between the sharing rule and Manual Sharing Rule

If this helps you then Mark this Answer as Best Answer.

Thanks
Amit Chaudhary 8Amit Chaudhary 8
Please check below post for sharing rule
1) http://amitsalesforce.blogspot.com/2016/02/types-of-sharing-in-salesforce.html


links of trailhead can help you in understanding the Sharing rule .
https://trailhead.salesforce.com/force_com_dev_beginner/data_security/data_security_roles
https://trailhead.salesforce.com/force_com_dev_beginner/data_security/data_security_sharing_rules

1. Force.com Managed Sharing
Force.com managed sharing involves sharing access granted by Force.com based on record ownership, the role hierarchy, and sharing rules:
  • 1.1 Record Ownership :- Each record is owned by a user or optionally a queue for custom objects, cases and leads. The record owner is automatically granted Full Access, allowing them to view, edit, transfer, share, and delete the record.
  • 1.2 Role Hierarchy :- The role hierarchy enables users above another user in the hierarchy to have the same level of access to records owned by or shared with users below. Consequently, users above a record owner in the role hierarchy are also implicitly granted Full Access to the record, though this behavior can be disabled for specific custom objects. The role hierarchy is not maintained with sharing records. Instead, role hierarchy access is derived at runtime. For more information, see “Controlling Access Using Hierarchies” in the Salesforce online help.
  • 1.3 Sharing Rules :-Sharing rules are used by administrators to automatically grant users within a given group or role access to records owned by a specific group of users. Sharing rules cannot be added to a package and cannot be used to support sharing logic for apps installed from Force.com AppExchange. Sharing rules can be based on record ownership or other criteria. You can't use Apex to create criteria-based sharing rules. Also, criteria-based sharing cannot be tested using Apex. All implicit sharing added by Force.com managed sharing cannot be altered directly using the Salesforce user interface, SOAP API, or Apex.

User-added image
2. User Managed Sharing, also known as Manual Sharing
User managed sharing allows the record owner or any user with Full Access to a record to share the record with a user or group of users. This is generally done by an end-user, for a single record. Only the record owner and users above the owner in the role hierarchy are granted Full Access to the record. It is not possible to grant other users Full Access. Users with the “Modify All” object-level permission for the given object or the “Modify All Data” permission can also manually share a record. User managed sharing is removed when the record owner changes or when the access granted in the sharing does not grant additional access beyond the object's organization-wide sharing default access level.

3. Apex Managed Sharing
Apex managed sharing provides developers with the ability to support an application’s particular sharing requirements programmatically through Apex or the SOAP API. This type of sharing is similar to Force.com managed sharing. Only users with “Modify All Data” permission can add or change Apex managed sharing on a record. Apex managed sharing is maintained across record owner changes.

Let us know if this will help you
 
Andre Green 9Andre Green 9
I am having trouble with the data security on salesforce.  I am new to salesforce security.  Can anyone please help with this. 

 https://trailhead.salesforce.com/force_com_dev_beginner/data_security/data_security_sharing_rules

Set Sharing Rules for Training Coordinator and Projects
Project custom object records should only be seen by the owner of the record and users above the owner on the role hierarchy. However, for some Project records, the Training Coordinator must also have Read Only visibility to the Project record.
Create a custom picklist field on the Project object called “Priority” with the following values: High, Medium, and Low. Then create a criteria-based Sharing Rule for Project records where the Priority = High to share those records with the Training Coordinator role.
The custom object must be named 'Project' with a resulting API name of 'Project__c'.
The Name field for 'Project' must be of type Text (not Auto-Number).
The custom object 'Project' must have a custom field of type picklist named 'Priority' with a resulting API name of 'Priority__c'.
The role label should be 'Training Coordinator' with the resulting 'Role Name' of 'Training_Coordinator'. Note that you may already have this role in your role hierarchy from a previously attempted challenge.
The sharing rule can be named anything.
The organization-wide defaults for Project cannot be set to 'Public Read/Write'.