You need to sign in to do that
Don't have an account?
Record level Sharing
Hi All,
I am new to Salesforce & I have few questions regarding Record Level Sharing Rules:
I have made the Accounts Private in Sharing Settings. But still all the Accounts are visible to everyone (Read only is the lowest level of security available in Account object).
1. So is it possible to STOP users with Read Only permission on the Account to create a new Contact on that account or change the existing contact's Account to a Read Only account?
2. The above sharing rule is preventing user when they click the Edit button of the Account. By if there is a trigger that is updating the Read Only Account, the above sharing rule does not prevent it. Ex: I have a trigger to update the Account's field (no. of contact) when a Contact's account is changed. It updates the count in both old & new Accounts. But why the sharing rule is preventing this? No exception or error is thrown. How do I solve this?
Please help me!
Thanks in advance
Initially I assumed it might be mistake in any of the SF release. But its not.
I solved my problem when I started from scrach.
I still dint know where I went wrong.
But, I made everything puclic, then everything Private & then started giving permissions one by one.
Recaluclated the Security everytime in between.
Somehow things started working the way I wanted!
All Answers
If Account Shaing Setting is set to private "Only the record owner and users above the record owner in the role hierarchy can view and edit the record".
Cheers
Sanj
Unfortunately that doesn't work in my case. I made the Accounts Private. I gave read only permissions to certain roles & read/write permission to certain role alone depending upon some condition.
But still all the users can view all the accounts. Only direct editing is prevented. It also allows other role users to create new contact under the Read Only accounts.
I tried inserting the picture of my current config, but it doesnt allow me.
I want to prevent users with Role X to view/edit Accounts whose owner is Y. Also I want to prevent them to create new Contact under those accounts.
This is what I did - Made Account Private in Org wide Default, In sharing rules, I gave read/write permission to the role X if the Account owner is not equals to Y.
Where am I going wrong?
Please help
Initially I assumed it might be mistake in any of the SF release. But its not.
I solved my problem when I started from scrach.
I still dint know where I went wrong.
But, I made everything puclic, then everything Private & then started giving permissions one by one.
Recaluclated the Security everytime in between.
Somehow things started working the way I wanted!
Make the OWD settings as private
Go to the Sharing rule and give the critera as if record owner is Y then give access to a Public group.
Create a Public group and give access to roles/User other than roles X.
This will help
Regards
Shashank