Ryan Werner 22

Salesforce security issue - Account owner's role of community user is given access to accounts the community user is linked to via cases

We have a security requirement where certain accounts should only be visible to a certain public group. To enable this we have a checkbox on the account and set our OWD to private. Any account with this checkbox unchecked is shared to all internal users via a sharing rule. Any account with this checkbox checked is shared only to the public group.

We have a Lightning Experience implementation and have set the owners' role of these private accounts to their own role so that horizontal sharing is not opened to everyone in the role, since an account owner has access to everything a community user has access to, and everyone in that account owner's role is given that access as well.
We are seeing call center agents sometimes opening Cases linking a community user contact from a non-private account to a private account. This linkage appears to be opening access to that community user to the private account through this case, therefore opening up access to the private account for everyone in the role of the owner of the account belonging to that community user. This is breaking the private account access functionality.

There is a checkbox setting in Salesforce's sharing settings page called "Grant site users access to related cases" that can cut off access to a community user who is linked to a case. Although this removes access for the community user to that case, it does not remove access to the role of the account owner of that community user to the account linked in that case.

Is there anything we can do here to remedy this situation? Linking non-private account contacts to a private account via a case has legitimate use in our org; we just don't want this to open up access to the role of the non-private contact's account owner.

Thanks
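Since the exposure described above comes from implicit sharing rather than from a share row an admin can see in Setup, a practical first step is to measure who can actually read the private accounts. The following anonymous Apex script is an added example written for this thread, not code from the original post or from Salesforce. It assumes hypothetical names: the "private" checkbox is `Account.Private_Account__c`, and the only group that should see those accounts is a public group with DeveloperName `Private_Account_Viewers` whose members are added directly as users. It uses the standard `UserRecordAccess` object, which reports a user's effective access regardless of the mechanism that granted it (ownership, sharing rule, role hierarchy, or implicit child/parent sharing), so it catches exactly the kind of access the share tables do not record.

```apex
// Added audit script for the situation in the post above. Not from the post.
// Assumed (hypothetical) names:
//   Account.Private_Account__c        -> the "private" checkbox
//   Group 'Private_Account_Viewers'   -> the only group allowed to see them
// Run as anonymous Apex from Developer Console as an administrator.

// 1. Users who are legitimately allowed: direct members of the public group.
Id allowedGroupId = [SELECT Id FROM Group
                     WHERE DeveloperName = 'Private_Account_Viewers'
                       AND Type = 'Regular' LIMIT 1].Id;
Set<Id> allowedUsers = new Set<Id>();
for (GroupMember gm : [SELECT UserOrGroupId FROM GroupMember
                       WHERE GroupId = :allowedGroupId]) {
    allowedUsers.add(gm.UserOrGroupId);
}

// 2. The private accounts. UserRecordAccess accepts at most 200 record Ids
//    per query, so the audit is batched at 200.
Map<Id, Account> privateAccts = new Map<Id, Account>(
    [SELECT Id, Name, OwnerId FROM Account
     WHERE Private_Account__c = true LIMIT 200]);
Set<Id> privateIds = privateAccts.keySet();

// 3. Candidate users: active internal users who are NOT in the allowed group.
//    UserRecordAccess must be queried per user, and anonymous Apex is limited
//    to 100 SOQL queries, so keep the candidate list under ~90 per run
//    (narrow it further with a UserRoleId filter for the role you suspect).
List<User> candidates = [SELECT Id, Name, UserRoleId FROM User
                         WHERE IsActive = true AND UserType = 'Standard'
                           AND Id NOT IN :allowedUsers LIMIT 90];

// 4. Ask the platform for effective access. Anything readable here by a user
//    outside the group (and who is not the owner) is a leak, whatever granted it.
List<String> findings = new List<String>();
for (User u : candidates) {
    for (UserRecordAccess ura : [SELECT RecordId, HasReadAccess
                                 FROM UserRecordAccess
                                 WHERE UserId = :u.Id
                                   AND RecordId IN :privateIds]) {
        Account a = privateAccts.get(ura.RecordId);
        if (ura.HasReadAccess && a.OwnerId != u.Id) {
            findings.add(u.Name + ' (' + u.Id + ', role ' + u.UserRoleId
                         + ') can read private account ' + a.Name
                         + ' (' + a.Id + ')');
        }
    }
}

System.debug(LoggingLevel.INFO, 'Unexpected readers of private accounts: '
             + findings.size());
for (String f : findings) {
    System.debug(LoggingLevel.INFO, f);
}
```

Running this before and after an agent links a non-private contact to a private account via a case shows whether the linkage really widened access, and to whom (the `UserRoleId` in each finding makes the role-hierarchy path visible). Because it reads effective access, it also verifies whether toggling "Grant site users access to related cases" or changing the account owner's role actually closes the gap, rather than inferring that from the sharing settings.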