function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Why can users create opportunities on accounts they have Read Only access to?

I'm trying to get some control of record creation which has been a little too global previously and I've noticed a problem whereby users who only have read only access to an accounts and its opportunities can still create an opportunity on that account.  Once created they cannot edit it in any way so this seems like a bug to me.  The Sharing button on the account clearly says Read Only and the user does not have any special privileges like Modify All Data or anything like that, so why can he still create an opp?  It seems like an oversight in the security of the org and I fear that I'll not be able to control it.  FYI Opportunity OWS are set to Private.




Check the profile permission for Opportunity....



Magulan D


They have Read, Write, Edit, Delete; thats it.  No view all or modify all.  Since they only have Read Only access to the Account and its Opportunities (as confirmed on the Sharing page for the account) then these permissions should not allow them to create an oportunity.


Since opportunity has Read, Write, Edit, Delete permissions, you will be able to create opptys.

Only associated opptys will follow Account's permission.



Magulan D certified Developer.


If this post is your solution, kindly mark this as the solution.


Are you sure?  That doesn't make sense.  In what sensible world does "Read Only" mean "Read and Create"?




Yes, this is possible.

Because, we have lookup relation between Account & Opportunity.



Hence the Object CRUD settings in Account will not have any effect on Opportunity.

Since the User is having Create permission on Opportunity, hence they are able to create it.




Salesforce For All