Julie Curry

prevent sharing via case team

My organization requires a specific (and short) timeout for a particular case record type.  Only a subset of our users need access to these records so I have created dedicated profiles for the users who view this data.  

Now I need to prevent users who don't have this profile from being able to access the records.  I've done what I can with OWDs, profiles, sharing button (removed the button from the page layout for this record type), but now I'm trying to figure out how I can block access via the case team.

I have a case open with Salesforce and the support rep recommended creating a VF page for the record type.  I don't code so I'm trying to figure out what all of the options are before we try to bring on outside resources.  A validation rule isn't possible.  I could remove the case team related list from the page layout but I feel like someone might want to add a team member some day.  I did see the Trailhead for 'with sharing' here (https://trailhead.salesforce.com/en/content/learn/modules/data-leak-prevention/identify-and-prevent-sharing-violations).  I don't really understand it but am trying to at least understand if it might be a possible solution.  Also I have had to create a trigger in the past to block users from deleting opportunity products.  I'm wondering if I could do the same for this.  Create a trigger that will block sharing for this record type with all users who don't have a particular word in their profile name.  

I'm really bummed that this is so complicated :/

Thanks in advance for your help!
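
The trigger idea raised in the question above, sketched in Apex as an added example that is not part of the original thread: it rejects a case team member on cases of one record type unless the member is a user whose profile name contains a keyword. The record type developer name `Restricted_Case` and the keyword `Restricted` are hypothetical placeholders, and the sketch assumes the org allows a trigger on `CaseTeamMember` to be deployed; it only covers members added individually to a case.

```apex
// Added example (not from the thread). Placeholder values are marked hypothetical.
trigger RestrictCaseTeamMembers on CaseTeamMember (before insert, before update) {
    final String RESTRICTED_RT = 'Restricted_Case';  // hypothetical record type DeveloperName
    final String PROFILE_KEYWORD = 'Restricted';     // hypothetical word in allowed profile names

    // Collect parent cases and user members in bulk (no queries inside loops).
    Set<Id> caseIds = new Set<Id>();
    Set<Id> userIds = new Set<Id>();
    for (CaseTeamMember m : Trigger.new) {
        caseIds.add(m.ParentId);
        // MemberId is polymorphic: it can point at a User or a Contact.
        if (m.MemberId != null && m.MemberId.getSObjectType() == User.SObjectType) {
            userIds.add(m.MemberId);
        }
    }

    // Only cases of the restricted record type are policed.
    Set<Id> restrictedCases = new Map<Id, Case>([
        SELECT Id FROM Case
        WHERE Id IN :caseIds AND RecordType.DeveloperName = :RESTRICTED_RT
    ]).keySet();
    if (restrictedCases.isEmpty()) {
        return;
    }

    Map<Id, User> users = new Map<Id, User>([
        SELECT Id, Profile.Name FROM User WHERE Id IN :userIds
    ]);

    for (CaseTeamMember m : Trigger.new) {
        if (!restrictedCases.contains(m.ParentId)) {
            continue;
        }
        // Fail closed: contacts and users without a matching profile are rejected.
        User u = users.get(m.MemberId);
        Boolean allowed = u != null && u.Profile != null && u.Profile.Name != null
            && u.Profile.Name.containsIgnoreCase(PROFILE_KEYWORD);
        if (!allowed) {
            m.addError('Only users with a ' + PROFILE_KEYWORD
                + ' profile can be added to the case team for this record type.');
        }
    }
}
```

Matching on a word in the profile name breaks silently if a profile is renamed, so a custom permission assigned to the allowed profiles is a sturdier key for the same check.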

 
Chad Ritchie
Hey Julie, 

That is a complex issue! You could potentially use Sharing Rules to solve your problem. 

You would need to set the objects' sharing settings to Private and then create sharing rules for those specific profiles. Your primary criteria would be Record Type, but you could add other criteria as well. 

I hope this helps. -Chad
Julie Curry
@Chad, ...I hope you see this.  Thank you for your response.  I appreciate it.
I have some sharing rules in place for this record type to open up access, but not to remove access.  I will try that but I am under the impression that the sharing rules will not take away access.
Thank you again!
GauravGarg
@Julie, 

Sharing Setting, Profiles, Permission Set, Case Team are all used to expand the sharing of a record. The only way to remove visibility is via "OWD" to private which is already set. 

But users with View All access (Super User) or Modify All access (Admin User), or who are part of the Team Members, would likely be able to view records, and configuration does not have options to revoke access from them because their permissions are high compared to other users. 

To resolve this, we have to move to custom code, either a VF Page / Lightning Component / LWC component, to verify the correct Profiles / Roles / Users to view a particular page. 

If you need help building a VF page / Lightning Component, I can guide you or help you.  Below are a few links which give you an idea of how to build one of your own in case you want to give it a try. 

VF Page: Create edit VF page (https://trailhead.salesforce.com/en/content/learn/modules/visualforce_fundamentals/visualforce_creating_pages)
Lightning Component: Lightning Component (https://trailhead.salesforce.com/en/content/learn/projects/salesforce_developer_workshop/creating_lightning_component)
LWC Component: LWC Component (https://trailhead.salesforce.com/en/content/learn/projects/quick-start-lightning-web-components/create-a-hello-world-lightning-web-component)

Thanks,
Gaurav
Skype: gaurav62990
Email: gauravgarg.nmims@gmail.com
Chad Ritchie
Hey Julie, 

Of course.

And yes that's correct, you cannot take away access using those rules. So in order for this to work, you'd need to make your OWD 'Private' and then give access where needed. So the users' profiles who should have access will be granted it, but the profiles who don't need access to this specific Record Type will remain at 'Private'. 

I hope this adds more clarification, Chad

 
GauravGarg
@Chad,

Still, the record's visibility will be available for Case Team Members or the Person above in Hierarchy to the current role. Correct me if I am wrong.

Thanks,
Gaurav
Skype: gaurav62990