function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Sushma Tiwaari 12Sushma Tiwaari 12 

Permission Sets Vs Sharing Rules - When to use what?

I have a doubt appreciate if you could answer it. If both Permission Sets and Sharing Settings is used to open-up access over-riding OWD, what is the difference between Permission set and Sharing when functionality is same i.e to extend access to data and when do you use which feature. when 10 people have the same profile and only one user needs access to extra permission, I can create permission set, why not sharing rule? In which scenarios do you use Permission set and Sharing Settings please explain with examples.
CloudalyzeCloudalyze
Hi Sushma,

You can base a sharing rule on record ownership or other criteria. After you select which records to share, you define which groups or users to extend access to and what level of access they have. please follow the document below (https://help.salesforce.com/articleView?id=security_about_sharing_rules.htm&type=5)

Create permission sets to grant access among logical groupings of users, regardless of their primary job function. For example, let’s say you have several users with a profile called Sales User. This profile allows assignees to read, create, and edit leads. Some, but not all, of these users also need to delete and transfer leads. Instead of creating another profile, create a permission set. please follow the document below (https://help.salesforce.com/articleView?id=perm_sets_overview.htm&type=5)

Coming to extra feature - when 10 people have the same profile and only one user needs access to extra permission, I can create permission set, why not sharing rule?

-sharing rules is only for recore saving when organization wide default is set to private, and permission set is to give the extra access to user.
 
Deepali KulshresthaDeepali Kulshrestha
Hi Sushma,

Permission sets (like profiles) only provide general permissions to objects.
Creating a permission set is like extending a profile.
If your org wide sharing rules for an object are set to private then creating permission set with create/read/write on that object will only allow them to create and manage their own records and not records owned by other users.
If you want them to be able to edit/update other users records then those records need to be shared with team.
You provide access to records, as you have already kind of figured out, using sharing rules.

I hope you find the above solution helpful. If it does, please mark as Best Answer to help others too.

Thanks and Regards,
Deepali Kulshrestha