Apex Code Development You need to sign in to do that
Don't have an account?
Implicit sharing
What does "The account owner's role determines the level of access to child records." means?
* The ACCOUNT and the CASE is PRIVATE.
* USER05 is a Sales Rep and owned the "ACME" Account Record.
* The Sales Rep has Sales Rep Role
* Users in this role cannot access cases that they do not own that are associated with accounts that they do own
* Based on the Sales Rep profile has _CREATE_, _READ_, _EDIT_ permission for Account
* The Sales has access to the ACME account by Enterprise Territory Manager 2.0.
* Users in this territory can _READ_ and _EDIT_ accounts assigned to this territory.
* Users in this territory can _READ_ and _EDIT_ all cases associated with accounts in the territory, regardless of who owns the cases.
* USER15 is a Service Engineer User who created and owned the Case001 Record that related to ACME Account.
* The Service Engineer has Service Engineer Role
* Users in this role cannot access cases that they do not own that are associated with accounts that they do own
* Based on the Sales Rep profile has _READ_ permission for Account
* The Sales has access to the ACME account by Enterprise Territory Manager 2.0.
* USER26 is a Lead Support User and has access to the ACME Account based on a sharing rule
* The Lead Support User has role, but in other branch (independent from Sales Rep Role)
* The Lead Support User has _READ_ permission on the Case.
* The Lead Support User has access to the ACME Account based on a sharing rule
* The Lead Support User access to the Case001 record by implicit sharing
* USER30 is a Support User and has access to the ACME Account based on a sharing rule
* The Lead Support User has role, below the Lead Support.
* The Support User has _READ_, _EDIT_ permission on the Case.
* The Support User has access to the ACME Account based on a sharing rule
* The Support User access to the Case001 record by implicit sharing
Fact: USER26 can _READ_ the Case001 record.
Fact: USER30 can _EDIT_ the Case001 record.
Note: The Profiles can restrict access level. (except read all and modify all, but the profiles do no not have read all and modify all)
Note: https://help.salesforce.com/articleView?id=sharing_across_objects.htm&type=5 -> "The account owner's role determines the level of access to child records."
The account owner's role is "cannot access cases". Why can USER30 _EDIT_ Case001?
* The ACCOUNT and the CASE is PRIVATE.
* USER05 is a Sales Rep and owned the "ACME" Account Record.
* The Sales Rep has Sales Rep Role
* Users in this role cannot access cases that they do not own that are associated with accounts that they do own
* Based on the Sales Rep profile has _CREATE_, _READ_, _EDIT_ permission for Account
* The Sales has access to the ACME account by Enterprise Territory Manager 2.0.
* Users in this territory can _READ_ and _EDIT_ accounts assigned to this territory.
* Users in this territory can _READ_ and _EDIT_ all cases associated with accounts in the territory, regardless of who owns the cases.
* USER15 is a Service Engineer User who created and owned the Case001 Record that related to ACME Account.
* The Service Engineer has Service Engineer Role
* Users in this role cannot access cases that they do not own that are associated with accounts that they do own
* Based on the Sales Rep profile has _READ_ permission for Account
* The Sales has access to the ACME account by Enterprise Territory Manager 2.0.
* USER26 is a Lead Support User and has access to the ACME Account based on a sharing rule
* The Lead Support User has role, but in other branch (independent from Sales Rep Role)
* The Lead Support User has _READ_ permission on the Case.
* The Lead Support User has access to the ACME Account based on a sharing rule
* The Lead Support User access to the Case001 record by implicit sharing
* USER30 is a Support User and has access to the ACME Account based on a sharing rule
* The Lead Support User has role, below the Lead Support.
* The Support User has _READ_, _EDIT_ permission on the Case.
* The Support User has access to the ACME Account based on a sharing rule
* The Support User access to the Case001 record by implicit sharing
Fact: USER26 can _READ_ the Case001 record.
Fact: USER30 can _EDIT_ the Case001 record.
Note: The Profiles can restrict access level. (except read all and modify all, but the profiles do no not have read all and modify all)
Note: https://help.salesforce.com/articleView?id=sharing_across_objects.htm&type=5 -> "The account owner's role determines the level of access to child records."
The account owner's role is "cannot access cases". Why can USER30 _EDIT_ Case001?