Apex Code Development You need to sign in to do that
Don't have an account?
momorgan Field-level sharing settings?
We are looking to amend our current sharing to be more restrictive. Within certain teams, we want to change so that the only Accounts that users can see in full are the ones they own themselves.
However, it doesn't make sense to simply hide all other Accounts from them. Instead, it would make sense for them to be able to see Accounts they don't own, but not in their entirety.
For example, on a Account record I don't own, I would be able to see the Account Owner and Account Name, but nothing else - that way I know who to contact internally about it.
How could this be achieved?
There are two security areas related to this issue: a) Sharing, b) FLS.
Sharing can control how you share the entire record with other people, groups, roles, etc.
FLS can control read/write/required access per field, but not sharing.
So there is no built in mechanism to allow sharing, but only of some fields.
However, you can create a VisualForce page that uses an Apex controller to do this. The controller can expose only the columns you want to allow all users to see.
Please keep in mind that if you are building this application with commercial intent (OEM, AppExchange, etc.), you should ensure that the org administrator grants the app permission to bypass sharing for these fields. For more details on implementing this, please visit: http://community.salesforce.com/t5/Security/Bypassing-org-sharing-rules-in-Apex-with-org-admin-approval/td-p/194231
That's valuable feedback; thank you. It's a shame this isn't available out-of-the-box, but we'll look at the feasibility of using Apex/VF here.
(For future reference, the link above didn't work for me - I used this instead.)
Fixed the link. Thanks for pointing it out.
Please vote for this idea I posted awhile back. Criteria-Based Field Level Security: http://sites.force.com/ideaexchange/ideaView?id=08730000000BrrIAAS