function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
AlokVAlokV 

Read access to accounts owned by a profile to some other profile

Hi All,

 

I have two profiles in my org i.e. CE and AE. I want to provide read permission to all accounts owned by CE to AE( CE is above in role hierarchy and org wide default is set to private). But AE users are not able to access accounts owned by CE users even after provding read access thorugh sharing rules.

 

Is it happening because of role hierarchy?

 

Thanks,

Alok

 

Vinita_SFDCVinita_SFDC

Hello Alok,

 

Yes you are right this is happening because of role hierarchy. CE role users can see the Accounts owned by the users with role AE but opposite is not possible.

 

For this requirement please create a criteria based sharing rule like :

 

Role equals CE

 

then provide read access to user role with AE.

AlokVAlokV

Hi Vinita,

 

I hae created the criteria based rule and have given read access on accounts. But users with AE profile are still not able to see accounts owned by CE users.

 

Please note that org wide defaults is set to private. When I change it to Public read only, they are able to see. As far as I know, sharing rules are used to widen the access rights. So, I am unable to understand why AE users are not able to see accounts even after sharing rules being in place.

 

Thanks!

AlokVAlokV

Hi Vinita,

 

It is working fine for roles if I select roles for criteria. But if I create two public groups and put users in groups, it is not working. (don't want to share all the  records of users of  particular role with other role.)

 

 

Public Group       User

CE  User                  A

AE   User                  B

 

I have the sharing rule .

 

Owner in Group: CE User  Group: AE User Read Only

 

but this is not working.

 

So what can be the reason. It works fine for roles.

 

Wating for reply .

 

Thanks!

 

 

 

 

 

 

Peter_sfdcPeter_sfdc
Just a shot in the dark: have you made sure that User A is in the CE public group and that User B is in the AE public group?

You're right that if everything is in place as you describe that if user A owns the account record that user B should be able to see that the account is there. Have you clicked on the add sharing button and investigated who has record access to the record?

You might also take a look at the AccountShare object and see if you can see the sharing data that would need to be there.

Finally, when you make the change, you might need to wait a bit for the sharing recalculation to occur, particularly if there is a lot of account data in the org where you are testing your new sharing rule.