VKrish

Record level Sharing

Hi All,

 

I am new to Salesforce & I have a few questions regarding Record Level Sharing Rules:

I have made the Accounts Private in Sharing Settings. But still all the Accounts are visible to everyone (Read only is the lowest level of security available in Account object).

   1. So is it possible to STOP users with Read Only permission on the Account to create a new Contact on that account or change the existing contact's Account to a Read Only account?

   2. The above sharing rule is preventing users when they click the Edit button of the Account. But if there is a trigger that is updating the Read Only Account, the above sharing rule does not prevent it. Ex: I have a trigger to update the Account's field (no. of contacts) when a Contact's account is changed. It updates the count in both old & new Accounts. But why the sharing rule is preventing this? No exception or error is thrown. How do I solve this?

 

Please help me!

Thanks in advance

Best Answer chosen by Admin (Salesforce Developers) 
VKrish

Initially I assumed it might be a mistake in one of the SF releases. But it's not.

I solved my problem when I started from scratch.

I still didn't know where I went wrong.

But, I made everything public, then everything Private & then started giving permissions one by one.

Recalculated the Security every time in between.

Somehow things started working the way I wanted!

All Answers

sanjdev

If Account Sharing Setting is set to private, "Only the record owner and users above the record owner in the role hierarchy can view and edit the record".

 

Cheers

Sanj

VKrish

Unfortunately that doesn't work in my case. I made the Accounts Private. I gave read only permissions to certain roles & read/write permission to certain role alone depending upon some condition.

But still all the users can view all the accounts. Only direct editing is prevented. It also allows other role users to create new contact under the Read Only accounts.

 

I tried inserting the picture of my current config, but it doesn't allow me.

I want to prevent users with Role X to view/edit Accounts whose owner is Y. Also I want to prevent them to create new Contact under those accounts.

This is what I did - Made Account Private in Org wide Default. In sharing rules, I gave read/write permission to the role X if the Account owner is not equal to Y.

Where am I going wrong?

Please help

shashank shekhar 36
In a sharing rule you cannot restrict the access of a particular record. You can only grant access using sharing rules.
Make the OWD settings as private.
Go to the Sharing rule and give the criteria as: if record owner is Y, then give access to a Public group.
Create a Public group and give access to roles/users other than role X.

This will help

Regards
Shashank
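
One way to check the outcome of the configuration discussed in this thread, added here as an example and not part of any post: anonymous Apex that reports what a Role X user can actually do on accounts owned by Y, and which share rows exist on those accounts. Both usernames are placeholders; `UserRecordAccess` and `AccountShare` are standard Salesforce objects.

```apex
// Run as an administrator in Execute Anonymous after recalculating sharing.
// Placeholder usernames (assumptions): replace with a real Role X user and owner Y.
User roleXUser = [SELECT Id FROM User
                  WHERE Username = 'role.x.user@example.com' LIMIT 1];
Map<Id, Account> yAccounts = new Map<Id, Account>(
    [SELECT Id, Name FROM Account
     WHERE Owner.Username = 'owner.y@example.com' LIMIT 200]);

// Effective access of the Role X user on each of Y's accounts.
// With a Private OWD and no grant reaching Role X, every row should
// show read=false and edit=false.
for (UserRecordAccess ura : [
        SELECT RecordId, HasReadAccess, HasEditAccess, MaxAccessLevel
        FROM UserRecordAccess
        WHERE UserId = :roleXUser.Id
          AND RecordId IN :yAccounts.keySet()]) {
    System.debug(yAccounts.get((Id) ura.RecordId).Name
        + ' read=' + ura.HasReadAccess
        + ' edit=' + ura.HasEditAccess
        + ' max=' + ura.MaxAccessLevel);
}

// Share rows on the same accounts. RowCause shows where a grant came from
// (for example Owner, Rule or Manual) and UserOrGroupId shows who received it.
for (AccountShare s : [
        SELECT AccountId, UserOrGroupId, AccountAccessLevel, RowCause
        FROM AccountShare
        WHERE AccountId IN :yAccounts.keySet()]) {
    System.debug(yAccounts.get(s.AccountId).Name
        + ' -> ' + s.UserOrGroupId
        + ' level=' + s.AccountAccessLevel
        + ' cause=' + s.RowCause);
}

// If the first loop reports read=true but no share row targets the user or a
// group they belong to, the access comes from outside sharing rules: a role
// above the owner in the hierarchy, or a "View All" / "View All Data" permission.
```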