What are the levels of Record Access?
No Access
Read-Only - view
Read/Write - view, edit
Full Access - view, edit, transfer ownership, delete, share
Profile vs Record Access
Profile & Permission Sets
- Control access to objects (positions)
- Control access to fields (min pay)
Ownership & Sharing
- Controls access to records (Joe)
profile might specify that a user can see a position, but the sharing model determines WHICH positions the user can see
What is record ownership?
allows you to specify which users or types of users should be able to access specific records or types of records
owners have Full Access
What is a Queue? Give an example of it.
A queue is a collection of users that can take ownership of a record.
example: ubereats where there are a queue of drivers and whoever claims your “order” first is the one that will be responsible for fulfilling it.
What are the Organization-Wide Defaults (OWD)?
Security setting defining the baseline access to data records.
- Public read/write
- Public read-only
- Private
What are some things to consider for OWD?
Need to consider who should be able to read/edit the data. If everyone is allowed to view X data, then X should be “public-read only”. However, if only HR should be able to see X than it should be “private”.
What are Roles and Role Hierarchy?
Roles control the level of visibility to each data. Each User has at most one role.
Role Hierarchy controls data visibility through the sharing model. Sharing rolls up the hierarchy unless disabled in OWD.
How does sharing roll up the Role Hierarchy?
Any subordinates will be inherited by their superiors so that each superior has at least the record access of their subordinates.
How is data visible in the Role hierarchy?
Role Hierarchy controls data visibility through the sharing model. Sharing rolls up the hierarchy unless disabled in OWD.
What are Public Groups?
Public groups are a way of grouping users together for access. Every organization has a default public group that includes all users.
- Can be used to give access to folders, share files and libraries, or provide access to a queue
- Public groups can be any combo of: users, roles, roles & subordinates, public groups
What are Sharing rules?
- Exceptions to org-wide defaults
- Access granted via sharing rolls up through the hierarchy
- Irrelevant for public data access models
Two types of Sharing Rules
Owner-based - opens access to records owned by certain users
example) need to see opportunities owned by sales managers in a different region.
Criteria-based - open access to records that fall under a certain criteria
example) just share data in which Position is manager
What is Manual Sharing?
Allows users to decide record-by-record how they want to share (Read or Read/Write). To enable this the “Sharing” button must be on the Page Layout for the object.
Who can implement manual sharing?
It can be implemented by any user with Full Access to the record.
What is Team Sharing?
Only for Accounts, Opportunities, and Cases
What is Flow Sharing?
Automates sharing declaratively when requirement goes beyond what you can do with a sharing rule
What is Apex Sharing?
Automates sharing programmatically when requirement goes beyond what you can do with a sharing rule
What are some ways you can access records you don’t own?
Role Hierarchy (vertical access) Sharing Rules (horizontal access) Manual & Team Sharing Automated Sharing (Apex & Flow)
