function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Complex role-based permissioning

Hi there,
I need some help with setting up data permissioning in Salesforce, as I'm a bit new to it.
I understand that roles define what records a user can access, based on the ownerID of the record. But can SF handle more complex scenarios, where a record has multiple users associated with it, each of whom play a different role? For example, in our organisation, the owner of the Opportunity is always an internal salesperson, but for the same Opportunity there will also be another user who is the reseller and another who is the distributor. One Opportunity therefore has three users associated with it, each playing a different role.
I want the reseller to log in and be restricted to accessing only those records where he/she is the reseller, and the distributor to be restricted to records where he/she is the distributor.
Is that even remotely possible in Salesforce?
Thanks for any ideas,
this is very doable.
You'll want to read up on the sharing model, take a look at this in the documentation first.  The sharing model is very powerful, and I think can do what you want, but it's better covered in the docs.

Thanks, but I read through the help docs on the sharing model pretty thoroughly (I think) and although it allows some complex setups, the data restriction is always based on the OwnerID. Thus, a user can see all records where the OwnerID belongs to the group(s) that the user is permissioned to. However, I want to show a user all records where, say, the DistributorID is part of "NorthWest Region", or where ResellerID = "John". Unless I'm mistaken, It doesn't seem to me that the sharing model can do this. Does that make sense?