+ Start a Discussion
DSIDSI 

Restricting read access for roles and hierarchies

Hello,

 

I'm using roles to try to restrict access to records.  It seems to work as expected for Edit, but not for read. 


I've created two accounts as follows:

 

Account   Owner 

100         a1         

200         a2        

 

User   Role  Profile

a1       A        B

a2       A        B

 

I have an object called O that has a field, F, that is defined as Master-Detail (Account)

 

a1 and a2 are both able to see each other's account information when accessing object O.  

 

Under sharing settings, I have no sharing rules defined, and Default Access has been set to Private for Account, and to Controlled By Parent for O.

 

Under Profiles, Basic Access is set to Read for both Accounts and O, and no Data Administration options have been checked.

 

I don't understand why a1 and a2 are still able to see each other's records.  What more do I need to do to restrict access?

 

Gloria Lee

 

Best Answer chosen by Admin (Salesforce Developers) 
DSIDSI

Sorry it has taken me so long to respond... I never did figure out how to get Roles and Profiles to work.  I think it's because roles and profiles don't do what I think they do.  However, I did come up with a workaround.  That is to use Contacts which belong to Accounts.   So, instead of (Account, Owner), it would be (Account, Contact).  Then instead of User, it would be Contact.  This works.  Salesforce understands relationships between Accounts and Contacts.

 

Hope this helps someone in the future!

All Answers

VacharaVachara

Hi Gloria,

 

Were you able to find the solution to your issue above?  If "yes", can you please kindly what you have done in order to resolve your issue?  Thank you. 

 

Best,

Ta

DSIDSI

Sorry it has taken me so long to respond... I never did figure out how to get Roles and Profiles to work.  I think it's because roles and profiles don't do what I think they do.  However, I did come up with a workaround.  That is to use Contacts which belong to Accounts.   So, instead of (Account, Owner), it would be (Account, Contact).  Then instead of User, it would be Contact.  This works.  Salesforce understands relationships between Accounts and Contacts.

 

Hope this helps someone in the future!

This was selected as the best answer