salesforce_security_impl_guide
salesforce_security_impl_guide
salesforce_security_impl_guide
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Securing and Sharing Data<br />
Sharing Rule Considerations<br />
Sharing Rule Considerations<br />
Sharing rules allow you to selectively grant data access to defined sets of users. Review the following<br />
notes before using sharing rules:<br />
Granting Access<br />
• You can use sharing rules to grant wider access to data. You cannot restrict access below<br />
your organization-wide default levels.<br />
• If multiple sharing rules give a user different levels of access to a record, the user gets the<br />
most permissive access level.<br />
• Sharing rules automatically grant additional access to related records. For example,<br />
opportunity sharing rules give role or group members access to the account associated<br />
with the shared opportunity if they do not already have it. Likewise, contact and case sharing<br />
rules provide the role or group members with access to the associated account as well.<br />
• Users in the role hierarchy are automatically granted the same access that users below<br />
them in the hierarchy have from a sharing rule, provided that the object is a standard object<br />
or the Grant Access Using Hierarchies option is selected.<br />
• Regardless of sharing rules, users can, at a minimum, view the accounts in their territories.<br />
Also, users can be granted access to view and edit the contacts, opportunities, and cases<br />
associated with their territories’ accounts.<br />
Updating<br />
• Creating an owner-based sharing rule with the same source and target groups as an existing<br />
rule overwrites the existing rule.<br />
• Once a sharing rule has been saved, you can’t change the Share with field settings<br />
when you edit the sharing rule.<br />
• Sharing rules apply to all new and existing records that meet the definition of the source data set.<br />
• Sharing rules apply to both active and inactive users.<br />
EDITIONS<br />
Account and contact sharing<br />
rules are available in:<br />
Professional, Enterprise,<br />
Performance, Unlimited,<br />
and Developer Editions<br />
Account territory, case, lead,<br />
opportunity, and custom<br />
object sharing rules are<br />
available in: Enterprise,<br />
Performance, Unlimited,<br />
and Developer Editions<br />
Campaign sharing rules are<br />
available in Professional<br />
Edition for an additional cost,<br />
and Enterprise,<br />
Performance, Unlimited,<br />
and Developer Editions<br />
Only custom object sharing<br />
rules are available in<br />
Database.com<br />
• When you change the access levels for a sharing rule, all existing records are automatically updated to reflect the new access<br />
levels.<br />
• When you delete a sharing rule, the sharing access created by that rule is automatically removed.<br />
• When you modify which users are in a group, role, or territory, the sharing rules are reevaluated to add or remove access as<br />
necessary.<br />
• When you transfer records from one user to another, the sharing rules are reevaluated to add or remove access to the transferred<br />
records as necessary.<br />
• Making changes to sharing rules may require changing a large number of records at once. To process these changes efficiently,<br />
your request may be queued and you may receive an email notification when the process has completed.<br />
• Lead sharing rules do not automatically grant access to lead information after leads are converted into account, contact, and<br />
opportunity records.<br />
Portal Users<br />
• You can create rules to share records between most types of Customer Portal users and Salesforce users. Similarly, you can create<br />
sharing rules between Customer Portal users from different accounts as long as they have the Customer Portal Manager user<br />
license. However, you can’t include high-volume portal users in sharing rules because they don’t have roles and can’t be in public<br />
groups.<br />
67