function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Again AgainAgain Again 

Grant view/edit access to selected records only

Hi,
 
Is there a way I can grant view/edit access to selected records only, for a specific profile? We have a small customer club, and I want to grant the club administrators view access to club members, and then allow them to manipulate a custom object hooked to these records.
 
I can't change the recordtype for the selection of records  - I would have to filter on criteria such as "is club member".
 
Thanks,
Rozanne
 
 
Again AgainAgain Again

Assuming the silence means it can't be done :smileyindifferent: ... can I limit view access to records by record type? I created a different record type just to test, and restricted the new profile's access for just this record type, but if I log in with this profile I can still see records with the other record type, I just can't create records with this record type - I was hoping to lock down view access for these records also. Is it possible?

Thanks so much,
Rozanne
MKPartners.comMKPartners.com
The ability to View/Edit a record is controlled by Sharing & the Role Hierarchy in Salesforce.  Sharing consists of your Global Default Rules, Object Sharing Rules, and Record Sharing.

Record Types do not affect sharing.

You can prevent users from viewing/editing specific records by ensuring that the owner of those records does not share his/her data with the users.

You could also, create a set of duplicate fields in which you store the data that is to be hidden and via Field Level Security, only make those fields visible to the appropriate users.  This is probably the most secure, but makes your field configuration more complex.
Again AgainAgain Again
Thanks for the reply Matt!
 
I'm a little hesitant to mess with the sharing rules - because I think if I make e.g. the Accounts private I'll be hiding the accounts from the club, but then the different reps can't share either, unless I play around with the teams and get it just perfect. Our problem is that we almost run 3 different businesses within one organization, and each group has its own way of doing things :-)
 
To be safe, I'm making SF the master db and will just create a completely seperate application to let the club manage their few records. It's a waste of effort in some respects but probably the most prudent for now.
mpaulsmeyermpaulsmeyer
I have a question about this quote...
"You can prevent users from viewing/editing specific records by ensuring that the owner of those records does not share his/her data with the users."

I understand that sharing can be granted when it is turned off on the organizational level, but not sure how to implement what you said in the quote above.  Can you please explain how to do it that way? 

Thanks!
Mike.
MKPartners.comMKPartners.com

Mike,

You need to set your Org Wide Defaults to Private.  This will restrict users to only being able to see their own data and the data of those who report to them in the role hierarchy (with the exception of Admins).

There's no way to prevent a user from sharing records they own with others, just as there's no way to prevent a user from printing out a record and giving the paper to a collegue.

I hope that answers your question.