function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Selvakumar Anbazhagan 7Selvakumar Anbazhagan 7 

Role Based Groups settings issue

Hi All,

I tried making a few modifications to the OWD’s, Profiles settings, and Role settings, but didn’t have any luck with the expected outcome.  Please review the info given below – perhaps you can make better sense of it than I’ve been able to. 

We are attempting to set up user groups in SalesForce to control permissions with certain profiles.

Our “Internal” group contains users within an “Account Executive” profile.

For these users, we’d like them to be able to have the following permissions:
- Read/write access to their own Accounts
- Read/write access to their own Opportunities
- Read/write access to Accounts owned by other members of the “Internal” group
- Read only access to Opportunities owned by other members of the “Internal” group
- No access to Accounts or Opportunities owned by members in the “External” group

With these permissions set up in the group configuration, they appear to work as long as the specific user does not have a “Role” assigned to them. When a role is assigned to a specific user, the permissions allow this user to have read/write access to Opportunities within their group that they do not own.

I think our major hurdle is the combination of security settings in the OWD, Profile, Role, and Public Group settings. This combination is difficult to tweak to get the exact desired effect. Any suggestions on this?

Thanks in advance.

What is the OWD for accounts, oppty. Assign PRIVATE and then using sharing rules you can make that records read/write for the internal groups even if they belong to different roles. Assign all of them to separate groups and create sharing rules based on that.