+ Start a Discussion
Mr. WMr. W 

Basic Hierarchy Requirement

Objective:  Sales Reps only See Accounts They Own or Are In Same Role.  


Account Security:  Private.

Profile Object Security:  "View All" and "Modify All"  DESELECTED


Situation:  I have a group of sales reps that are all in the same role.  Everyone can see each other's records.  From here I want to change the system so each sales rep can only see the account records they own.  I also want to be able to add a read-only user to certain sales reps.  So that read only user will be able to see accounts and contacts belonging to a certain single sales rep.  


Plan:  Create a role for each individual salesrep at the same level of the hierarchy.  For the read only user, create a read only profile and assign it the same role for as the desired sales rep.  


Source of Confustion (please help):  


When i create a new level of the heirarchy it automatically says: "Sharing Groups: Role, Role and Subordinates"  I would assume that means that anyone in that role would be able to see the same records.  


However, inorder for the records to be visiable to the two users, I also need to create a sharing setting for that specific role.  this seems wrong.  


Can you help?


Many Thanks in Advance and Happy Hoildays!  



If the read-only user can only see certain sales reps, I would use Account Teams for this, with the visibility set to read-only. Don't forget to set the Opportunity and Case visibility appropriately. Any time you can say "I want ALL members of this arbitrary group to have THIS visibility", then you can set up a sharing rule. When that isn't true then you need to use one of these tools:


  • Manual sharing (aka the Share button)
  • Account and Sales Teams - if you are using, respectively, the Account and Opportunity objects
  • Apex sharing (via trigger, usually)


Hope this helps,

Mr. WMr. W

Thanks for your quick response.   I do indeed know that the read-only viewer needs to be able to view ALL the specific sales rep's accounts no matter what.  Would you still go for an account team?


I was thinking of putting them in the same role.  If I do put them in the same role, and View All  and Modify All are deslected in the Standard Object Permissions, do I need to create an additional sharing rule to share with members of the same role?


I would think that since the role already says "Sharing Groups: Role, Role and Subordinates" that I would not need to create my own custom sharing rule to share with people in the same Role.