+ Start a Discussion
Neha Garg 39Neha Garg 39 

Grant Access Using Hierarchies

What should be done to provide managers access to records of which they are not the owner in a private sharing model?
A. Create a Manager Permission set and select the “View All Data” option.
B. Create a Manager profile and select the “View My Teams Data” option.
C. Define a Role Hierarchy and use the Grant Access Using Hierarchies option.
D. Set the Manger field for each User Record on the Manager’s team.

The answer should be C but some post says A. can anyone help me provide clarification about why it can't be C?
Best Answer chosen by Neha Garg 39
Abhishek Sharma 36Abhishek Sharma 36
If the question says manager needs access to record, if they are not the owner of a private sharing rule. Then C is correct.
Example: Lets say a sales rep reports to a manager and we have role define for both, i.e. sales rep reports to his manager. Then by checking ' Grant Access Using Hierarchies' it can be done.

But if the question says a user needs manager access for all the objects, then the right answer is A. This feature will give access to all object records irrespective of ownership. These are generally given to administrator or delegated admin profiles.

As far as I think the correct answer is C.

All Answers

AnudeepAnudeep (Salesforce Developers) 
The answer is A

Let's say a role sales manager reports to VP.

Object permission of Sales Manager profile assigned to people in Sales Manager role is CRUD and for VP is Read, then because of the hierarchy setup, VP role users will have access to all records that are visible to people in Sales manager role, but the object permissions will define what a VP can do with those. If the VP's profile does not have Edit permissions, he won't be able to edit the records, regardless of the sharing setup.

As per the documentation, regardless of your organization's sharing settings, users can gain access to records they do not own through other means such as user permissions like “View All Data,” sharing rules, or manual sharing of individual records.

While Grant Access using hierarchies determine whether users have access to records they don’t own, including records to which they don’t have sharing access, but someone below them in the hierarchy does, it comes down to what permission they have through their profile

If you find this information helpful, please mark this answer as Best

Regards, 
Anudeep
 
Abhishek Sharma 36Abhishek Sharma 36
If the question says manager needs access to record, if they are not the owner of a private sharing rule. Then C is correct.
Example: Lets say a sales rep reports to a manager and we have role define for both, i.e. sales rep reports to his manager. Then by checking ' Grant Access Using Hierarchies' it can be done.

But if the question says a user needs manager access for all the objects, then the right answer is A. This feature will give access to all object records irrespective of ownership. These are generally given to administrator or delegated admin profiles.

As far as I think the correct answer is C.
This was selected as the best answer