View All permission overrides the sharing rules and allows people with that permission to view all records for that object. There are specific use cases where the View All permission may be appropriate for a specific profile, but in general that permission should be used rarely. To restrict access of certain accounts for users in that profile, you would need to remove that permission and instead set up additional sharing rules as needed.
Does sharing rule override the profile settings? if user don't have view permisson at profile level then By using the sharing rule can we give view permisssion? and also in Role hierarchy if the sharing user record is when is in top,what happens? and at lower what happens?..I hope my question is clear
Sharing setting allows you to provide permission for records where Profiles and Permission Sets tell you whether a user can create an account, it doesn't tell you which account they can read or edit. so,Without profile permission, they can't create new records.Sharing provide you access for record level and profile provide access on object level.
if a user's profile says they can read, create, edit accounts then their role and public groups tell you which accounts they can read and edit. In this way, Roles/Public Groups and Profiles/Permission Sets work together to determine a user's access to functionality and to records. If you have one but not the other, you won't have access to a record - so if you have Read on Accounts on a Profile/Permission Set but not through Sharing with Roles/Public Groups/Ownership then you don't have access and vice versa.
But, There are some times when one may override the other. For instance, you can have the Profile/Permission Set permission, Modify All Data or View All Data, in which case, we'll ignore sharing and assume you have access to the record , but there are only a few exceptions to the rule that Profiles/Permission sets work hand-in-hand with Sharing Roles and Public Groups.
if user don't have view permisson at profile level then By using the sharing rule can we give view permisssion? and also in Role hierarchy if the sharing user record is when is in top,what happens? and at lower what happens?..I hope my question is clear
plz refer
Tell me in ur words i have read all before,
Sharing setting allows you to provide permission for records where Profiles and Permission Sets tell you whether a user can create an account,
it doesn't tell you which account they can read or edit. so,Without profile permission, they can't create new records.Sharing provide you
access for record level and profile provide access on object level.
if a user's profile says they can read, create, edit accounts then their role and public groups tell you which accounts they can read and edit.
In this way, Roles/Public Groups and Profiles/Permission Sets work together to determine a user's access to functionality and to records.
If you have one but not the other, you won't have access to a record - so if you have Read on Accounts on a Profile/Permission Set but not
through Sharing with Roles/Public Groups/Ownership then you don't have access and vice versa.
But, There are some times when one may override the other. For instance, you can have the Profile/Permission Set permission, Modify All Data
or View All Data, in which case, we'll ignore sharing and assume you have access to the record , but there are only a few exceptions to
the rule that Profiles/Permission sets work hand-in-hand with Sharing Roles and Public Groups.
Regards,
Ajay