calvin_nr

Help needed with record level security in Salesforce

Hi guys,

 

I am new to Salesforce and have been working on the customer portal.

I am struggling with something that should have been straightforward.

 

How can I restrict users from seeing custom object records which share the same account as them?

 

Example: We have a Settlement custom object. The org wide security default is Private. When these records are processed, they are owned by a "process queue" so sharing based on the owner is ruled out for now.

 

What I need to have is, If a settlement record's account is to Account A, customer portal users belonging to Account A should be able to see it.

 

Even Sharing rules don't help as the criteria does not even display Account and even if it did I cannot make this dynamic as the criteria can compare against only static values.

 

So what are the best practices around sharing of this nature? How is record level security achieved?

 

As of now I understand I might need apex sharing rules but I am trying to see if I am not missing something.

pkura

Were you able to solve this issue?

Starz26

You say:

 

How can I restrict users from seeing custom object records which share the same account as them?

 

Then

 

What I need to have is, If a settlement record's account is to Account A, customer portal users belonging to Account A should be able to see it.

 

So should they or should they not be able to see it?

 

Also, is the relationship a lookup or master detail? Also, I believe that you can set the record to private if owned by a queue based on this statement: In fact I just tested and you can set OWD to private if owner is a queue

 

Record Ownership Each record is owned by a user or optionally a queue for custom objects, cases and leads. The record owner is automatically granted Full Access, allowing them to view, edit, transfer, share, and delete the record.

calvin_nr

Starz26, thanks for your reply.

Currently, the ORG wide defaults for the custom objects I need are set to private.

 

For example, I have a Visualforce search page which allows a user to search a custom object's records by specifying a date range.

 

This page gets its data from an apex class which uses a SOQL query.

 

Currently my user who sees this in the portal belongs to Account A. He should ONLY BE ABLE TO see records whose Account is Account A. But this is not the case. What am I missing here?

 

 

Starz26

Does your class declaration include the "with sharing" keyword?

 

If not, then that would be why. By default, apex classes run in system mode unless called by another class using with sharing.

calvin_nr

Hey Starz26,

 

This is the first line of my class definition

 

public with sharing class FundingReportController 

 

Am I missing something?

 

Thanks,
Calvin

calvin_nr

Also could you please elaborate on this statement from your previous reply?

 

Also, is the relationship a lookup or master detail? Also, I believe that you can set the record to private if owned by a queue based on this statement: In fact I just tested and you can set OWD to private if owner is a queue

 

What relationship is this alluding to? How can I set a record to be private if owned by a queue? Is this something in config or apex code?
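
The Apex managed sharing the original poster mentions, sketched as an added example that is not code from any participant in this thread: it writes read-only share rows so that a "with sharing" controller returns a queue-owned Settlement only to portal users of the record's account. Assumed names: the custom object is `Settlement__c` with an account lookup field `Account__c`, and the portal users hold the per-account portal roles that Salesforce creates for standard Customer Portal users.

```apex
// Added example. Assumptions: Settlement__c and its lookup Account__c are
// hypothetical API names; UserRole, Group and the __Share object are standard.
// Runs without sharing so it can read roles and write share rows for any record.
public without sharing class SettlementPortalSharing {
    // Call from an after insert / after update trigger on Settlement__c.
    public static void shareWithAccountPortalRoles(List<Settlement__c> settlements) {
        Set<Id> accountIds = new Set<Id>();
        for (Settlement__c s : settlements) {
            if (s.Account__c != null) accountIds.add(s.Account__c);
        }
        if (accountIds.isEmpty()) return;

        // Portal roles are created per account; map each role to its account.
        Map<Id, Id> accountByRole = new Map<Id, Id>();
        for (UserRole r : [SELECT Id, PortalAccountId FROM UserRole
                           WHERE PortalAccountId IN :accountIds]) {
            accountByRole.put(r.Id, r.PortalAccountId);
        }

        // Each role has a matching Group row, which is what a share row targets.
        Map<Id, List<Id>> groupsByAccount = new Map<Id, List<Id>>();
        for (Group g : [SELECT Id, RelatedId FROM Group
                        WHERE Type = 'Role' AND RelatedId IN :accountByRole.keySet()]) {
            Id accountId = accountByRole.get(g.RelatedId);
            if (!groupsByAccount.containsKey(accountId)) {
                groupsByAccount.put(accountId, new List<Id>());
            }
            groupsByAccount.get(accountId).add(g.Id);
        }

        List<Settlement__Share> shares = new List<Settlement__Share>();
        for (Settlement__c s : settlements) {
            List<Id> groupIds = groupsByAccount.get(s.Account__c);
            if (groupIds == null) continue; // no portal roles for this account
            for (Id groupId : groupIds) {
                shares.add(new Settlement__Share(
                    ParentId = s.Id,
                    UserOrGroupId = groupId,
                    AccessLevel = 'Read', // least privilege: view only
                    RowCause = Schema.Settlement__Share.RowCause.Manual));
            }
        }
        // allOrNone = false: one rejected row does not roll back the rest.
        Database.insert(shares, false);
    }
}
```

Share rows with the Manual row cause are removed when the record's owner changes, so a custom Apex sharing reason is the more durable choice for queue-processed records. If `Account__c` can change on update, the trigger also needs to delete the share rows that pointed at the previous account's roles.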