You need to sign in to do that
Don't have an account?
Krisztian
Implicit sharing
What does "The account owner's role determines the level of access to child records." means?
* The ACCOUNT and the CASE is PRIVATE.
* USER05 is a Sales Rep and owned the "ACME" Account Record.
* The Sales Rep has Sales Rep Role
* Users in this role cannot access cases that they do not own that are associated with accounts that they do own
* Based on the Sales Rep profile has _CREATE_, _READ_, _EDIT_ permission for Account
* The Sales has access to the ACME account by Enterprise Territory Manager 2.0.
* Users in this territory can _READ_ and _EDIT_ accounts assigned to this territory.
* Users in this territory can _READ_ and _EDIT_ all cases associated with accounts in the territory, regardless of who owns the cases.
* USER15 is a Service Engineer User who created and owned the Case001 Record that related to ACME Account.
* The Service Engineer has Service Engineer Role
* Users in this role cannot access cases that they do not own that are associated with accounts that they do own
* Based on the Sales Rep profile has _READ_ permission for Account
* The Sales has access to the ACME account by Enterprise Territory Manager 2.0.
* USER26 is a Lead Support User and has access to the ACME Account based on a sharing rule
* The Lead Support User has role, but in other branch (independent from Sales Rep Role)
* The Lead Support User has _READ_ permission on the Case.
* The Lead Support User has access to the ACME Account based on a sharing rule
* The Lead Support User access to the Case001 record by implicit sharing
* USER30 is a Support User and has access to the ACME Account based on a sharing rule
* The Lead Support User has role, below the Lead Support.
* The Support User has _READ_, _EDIT_ permission on the Case.
* The Support User has access to the ACME Account based on a sharing rule
* The Support User access to the Case001 record by implicit sharing
Fact: USER26 can _READ_ the Case001 record.
Fact: USER30 can _EDIT_ the Case001 record.
Note: The Profiles can restrict access level. (except read all and modify all, but the profiles do no not have read all and modify all)
Note: https://help.salesforce.com/articleView?id=sharing_across_objects.htm&type=5 -> "The account owner's role determines the level of access to child records."
The account owner's role is "cannot access cases". Why can USER30 _EDIT_ Case001?
* The ACCOUNT and the CASE is PRIVATE.
* USER05 is a Sales Rep and owned the "ACME" Account Record.
* The Sales Rep has Sales Rep Role
* Users in this role cannot access cases that they do not own that are associated with accounts that they do own
* Based on the Sales Rep profile has _CREATE_, _READ_, _EDIT_ permission for Account
* The Sales has access to the ACME account by Enterprise Territory Manager 2.0.
* Users in this territory can _READ_ and _EDIT_ accounts assigned to this territory.
* Users in this territory can _READ_ and _EDIT_ all cases associated with accounts in the territory, regardless of who owns the cases.
* USER15 is a Service Engineer User who created and owned the Case001 Record that related to ACME Account.
* The Service Engineer has Service Engineer Role
* Users in this role cannot access cases that they do not own that are associated with accounts that they do own
* Based on the Sales Rep profile has _READ_ permission for Account
* The Sales has access to the ACME account by Enterprise Territory Manager 2.0.
* USER26 is a Lead Support User and has access to the ACME Account based on a sharing rule
* The Lead Support User has role, but in other branch (independent from Sales Rep Role)
* The Lead Support User has _READ_ permission on the Case.
* The Lead Support User has access to the ACME Account based on a sharing rule
* The Lead Support User access to the Case001 record by implicit sharing
* USER30 is a Support User and has access to the ACME Account based on a sharing rule
* The Lead Support User has role, below the Lead Support.
* The Support User has _READ_, _EDIT_ permission on the Case.
* The Support User has access to the ACME Account based on a sharing rule
* The Support User access to the Case001 record by implicit sharing
Fact: USER26 can _READ_ the Case001 record.
Fact: USER30 can _EDIT_ the Case001 record.
Note: The Profiles can restrict access level. (except read all and modify all, but the profiles do no not have read all and modify all)
Note: https://help.salesforce.com/articleView?id=sharing_across_objects.htm&type=5 -> "The account owner's role determines the level of access to child records."
The account owner's role is "cannot access cases". Why can USER30 _EDIT_ Case001?