+ Start a Discussion
Alexander KrykunAlexander Krykun 

How manual sharing actually works

As I understood manual sharing- it is when we want private object to  be granted access(read or write)  to    some particular user/group or role.

So, in my System administrator profile I want to share 'job' object with jenifer manager  user(Standart user profile)

job object set to private access in sharing settings on System administrator profile 

User-added image

next what i have made - from quick find box users-Krykun Alexander(System adm. profile)-sharing- add 

In this step I have the first questin: Is manual sharing about one particualr record or whole records of particual object or about all ?

I wasn't offered to choose object or record:

User-added image

When I go to jenifer manager account   I don't see job tab

 User-added image

User-added image

Also i can  choose sharing on detail page on particular record  from System administrator profile  and  make the same.

Also result will be the same. I can't see neither job tab no its records from Jenifer manager account.

1) so what the differences between enforcing manual sharing from 'user-particular user-shariing- add' and clicking sharing on record detail page? 
2) why I don't see any results?

 

 

Best Answer chosen by Alexander Krykun
Alexander KrykunAlexander Krykun

Yes, I  checked out this point  before posting. On her profile tab visibility is turned to "default on", But I still can't add  read permission because all CRUD  checkboxes  are not editable on standart user profile(I'm trying to make from System administrator profile, not from jenifer account). 

User-added image

So the only decision  is to clone standart user profile in order to make it fully editable?

All Answers

James LoghryJames Loghry
Tab visibility and record visibility are two separate pieces of security.

To enable the Jobs tab for Jennifer, you'll need to go to Jennifer's profile look for the Jobs tab.  Turn it to "default on" to make it visible on the tab bar and the all tabs page (e.g. when you click the + button), or "default off" to make it only visibile on the all tabs page.  From there, Jennifer will be able to use the Jobs tab to create new Jobs records *IF* she has the proper CRUD permissions to the Job object.  Hint: Object CRUD is yet another security mechanism that is controllable via the profile.

On sharing:
Sharing determines record level access and is determined by a number of factors including (but not limited to):
  • Org wide default settings such as private, public read only / public write.  The OWD applies to all records.
  • Controlled by parent (children in master detail relationships inherit sharing settings from their master records.
  • Role hierarchy - If a record is private or public read only, and if sharing is set up to role up the hierarchy then the owner's parents in the role hierarchy can also either read or write to the record.
  • Sharing Criteria / Sharing rules - a set of criteria to grant access to records based on criteria or formulae.
  • Apex sharing - records can be created by code to grant access to records programmatically
  • Manual sharing - If you have a private or public read only record, you can grant access to a specific record (NOT an object) to a set of users or groups
  • There's also stuff like case teams, account teams, territory hierarchy, etc that can effect record visibility as well.

So in order for Jennifer to view Jobs records she will:
  1. Need the jobs tab added to her profile (OR have the Jobs available from a related list on another object)
  2. Have the read permission on the Jobs object in her profile
  3. To see existing Jobs records, the Jobs will either need to have either a org wide default of public read only or public write, will need to own the record, or she will need to be granted access to the record with one of the mechanisms outline above.
Hope that helps and doesn't confuse the situation even further :)
 
Alexander KrykunAlexander Krykun

Yes, I  checked out this point  before posting. On her profile tab visibility is turned to "default on", But I still can't add  read permission because all CRUD  checkboxes  are not editable on standart user profile(I'm trying to make from System administrator profile, not from jenifer account). 

User-added image

So the only decision  is to clone standart user profile in order to make it fully editable?

This was selected as the best answer