Force2b_Mike

Portal User Sharing Rules

I'm developing a custom application for a client using Custom Portal that works only with Custom Objects, no standard objects. One of the requirements is to control visibility within each Portal "Account" via the role-hierarchy. Here's the situation.

 

Account ABC has 3 contacts (portal users)

- User 1 has the standard "Account ABC Executive" profile

- User 2 has the standard "Account ABC User" profile (reports to Manager, which reports to Executive)

- User 3 has the standard "Account ABC User" profile (reports to Manager, which reports to Executive)

 

I set the Custom object default sharing to "Private" and "Grant Access using Hierarchies" is checked. I added a Sharing Rule on the Custom Object to share the object with "All Internal Users" so all non-portal users have full visibility.

 

My expectation is that if User 2 or 3 creates a record in the Custom Object, User 1 will be able to see that record because User 2 & 3 report to User 1 in the Role Hierarchy. However, I'm not seeing this behavior in my testing. Instead records created by User 2 are only visible to User 2, and so forth.

 

Is there a way I can build my sharing rules for Portal users such that there can be an account-level "Manager" that has visibility to all records created by other "Users" within that Portal Account?

 

Thanks,

 

mike

Michael Ramsey

Hi Mike,

 

In your example are the users the owner of the custom object record?  If so then the users in the parent role should be able to see the records created by users in their child roles.  You shouldn't have to create sharing rules to do this because of the role hierarchy.  Role hierarchy sharing is based on ownership.

 

Thanks,
Michael

Force2b_Mike

Michael,

 

Yes, the lower level users were the owner of the records. The person above them in the role hierarchy should be able to see records owned by those in the child roles.

 

What I found is that to get the role hierarchy to work correctly, I needed to create a public group that has the "Grant Access Using Hierarchies" box checked and add all the portal users into this group. Once I did this, the records became visible to the executive manager level users.

 

Best Regards,

 

Mike