nickwick76

Any way to get around selecting 'Modify All' to be able to edit shares on others' objects?

Hi, 

For several profiles in our org we have selected 'Modify All' for some objects. The reason for this is that these persons need to be able to change, for example, the Account Owner on Accounts that they do not own themselves. These users might be sales managers, for example.

This has worked fine before, but now we have a problem since we are going to migrate data into Salesforce for a new set of sales reps and sales managers. The new users and the old users are not allowed to see each other's data.

With 'Modify All' chosen for, for example, the sales manager's profile, he can see the new users' data.

Is there a way to get around this?

1. We still want to keep the possibility of some users being able to change the sharing on some objects that they don't own themselves.

2. The data created by the two groups (old and new users) must be absolutely separated. I.e. they are not allowed to read or edit each other's data.

Thanks for any help even if it means it's not possible!

BR / Niklas

Best Answer chosen by Admin (Salesforce Developers) 
nickwick76

This was some time ago now but we have implemented two different business segments in the same org successfully.

In short 'Modify All' and 'View All' must be removed for users that should only see one of the business segments. The objects need to be private in OWD and sharing rules must be looked over in detail. The role hierarchy is also important to look over. This way it will work!
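One way to check the two conditions in the answer above ('Modify All' / 'View All' removed, objects private in OWD) against retrieved metadata, as an added example that is not code from this thread. It assumes Profile and CustomObject files in Metadata API XML format; the profile names and XML snippets are constructed samples.

```python
import xml.etree.ElementTree as ET

URI = "http://soap.sforce.com/2006/04/metadata"
NS = {"m": URI}
BYPASS = {"viewAllRecords": "View All", "modifyAllRecords": "Modify All"}

def profile_bypasses(profile_name, profile_xml, objects):
    """List (profile, object, permission) where a profile bypasses sharing."""
    findings = []
    for perm in ET.fromstring(profile_xml).findall("m:objectPermissions", NS):
        obj = perm.findtext("m:object", namespaces=NS)
        if obj not in objects:
            continue
        for tag, label in BYPASS.items():
            if perm.findtext(f"m:{tag}", default="false", namespaces=NS) == "true":
                findings.append((profile_name, obj, label))
    return findings

def non_private_owd(object_xml_by_name):
    """List (object, sharingModel) for objects whose OWD is not Private."""
    result = []
    for name, xml_text in sorted(object_xml_by_name.items()):
        model = ET.fromstring(xml_text).findtext("m:sharingModel", namespaces=NS)
        if model != "Private":
            result.append((name, model))
    return result

# Constructed sample metadata (hypothetical profile names, not from a real org).
def sample_profile(obj, view_all, modify_all):
    return (f'<Profile xmlns="{URI}"><objectPermissions>'
            f"<allowRead>true</allowRead><allowEdit>true</allowEdit>"
            f"<modifyAllRecords>{modify_all}</modifyAllRecords><object>{obj}</object>"
            f"<viewAllRecords>{view_all}</viewAllRecords></objectPermissions></Profile>")

def sample_object(model):
    return f'<CustomObject xmlns="{URI}"><sharingModel>{model}</sharingModel></CustomObject>'

PROFILES = {"Sales Manager": sample_profile("Account", "true", "true"),
            "New Sales Manager": sample_profile("Account", "false", "false")}
OBJECTS = {"Account": sample_object("Private"), "Opportunity": sample_object("Read")}

def run_audit():
    """Return (profile bypass findings, objects whose OWD is not Private)."""
    bypasses = []
    for name, xml_text in sorted(PROFILES.items()):
        bypasses += profile_bypasses(name, xml_text, {"Account", "Opportunity"})
    return bypasses, non_private_owd(OBJECTS)

if __name__ == "__main__":
    for finding in sum(run_audit(), []):
        print(finding)
```

Any finding for a profile that should see only one business segment means records of the other segment are still reachable, regardless of sharing rules or role hierarchy.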

All Answers

nickwick76

If I understand it correctly, only users above the account owner in the role hierarchy can change the account owner field.

The questions are still valid though.

Anyone?

Thanks!

BR / Niklas

Ispita_Navatar

The best way forward would be to create a separate new profile for the new users, say New Sales Manager, and write a small trigger wherein, if the logged-in user is of, say, the New Sales Manager profile and the data owner is of the "Sales Manager" profile, the update will fail, giving an appropriate error message.

Hope this helps.
