function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Partner Portal

We have a partner portal where the user logs in and give us lead information that then turns into accounts.  They should be able to see what accounts came from them but no other accounts.  Right now they can see everything.  I have checked the profile and it only has Read and Create access on (Accounts, Contacts, Leads).  I looked at their Role and they are at the bottom of the chain(no one below them). 


How are they seeing all this information?






What does the org-wide sharing model look like?  It sounds like its set to Public.


Alternatively, there may be a sharing rule that shares Accounts with "Roles and Subordinates."  This grants Sharing access down the role hierarchy.


Let me know if neither of those work.






Yes I checed it out and it is public.  Ugh hate that override.  I just started with the company and I can't make the change for it to be more private so we took away items that the partner gets to see.  Now I am trying to create reports for them to see things. 


It is weird they can see account(all accounts part of the problem) but when I create a report for them to see the account it give me Insufficient Privileges.  How can I see the accounts but yet not create a report for them to run to see accounts????






If you are not able to create the Report itself, you probably don't have Create & Customize Reports permission.

If you can not run the report, you probably don't have Run Reports permission.


To get these permissions ask your administrator to provide them.


If you can create the report and are not able to view the report while logged in as a portal user or your portal users are not able to see the report, check the folder permissions for the folder that contains your report.

A user must have access to the report folder to run reports stored in the folder.


This folder is accessible by all users, including portal users  is one of the options you will get to select while setting Report Folder access. Select it if you want portal users to view your reports.


If your Portal users are able to see all accounts their might be some Sharing Rule present that provides read access to all accounts for Roles and Subordinates, change that to Roles and Internal Subordinates so that portal users won't be able to view those.


Please let me know if any of these suggestions work for you.









Jayant thanks for the reply.


I am the system administrator.  I am able to create and run reports.  I have made this folder visible to the partners and log in as one of them on the partner website to verify the work.  I have a report of leads that runs just fine with their permissions and that is setup as Private in our Company sharing rules.  I create a report for the accounts and it errors out :(


The odd thing is that they are able to view all Accounts, which is why I had to remove the tab from their view.  In removing the tab we were going to give them a report to run.  I can't change sharing rules over all the company right now, we are setup as public read only on accounts.  I would think with these permissions it would be no problem creating a report. 

Thanks for all the suggestions...I feel like I am learning something new every day.




Tena - What criteria are you using in your report?  Is it just accounts, or does it include additional related objects such as Contacts, Opportunities, Custom Objects, etc?  That may be the cause of the Insufficient Privileges error.


As a possible alternative, you may want to create a custom Visualforce page that shows your Portal users all the data they need to see.  I also must mention that hiding the Accounts tab won't prevent users from viewing Accounts indirectly.  For example, they could still click to view an Account record from its related Contact, or by manually browsing to <instance>


I understand that migrating from a Public to Private sharing model can be difficult.  You can create a sharing rule that shares All Accounts with all Internal Users, which would be like having a Public sharing model for Internal Users only.  If you switched to Private as the org-wide default, Portal Users would lose visibility to Accounts, but all of your internal users should have the same access.


I hope that helps!  Let us know how it goes.


My report is just accounts.  I even only include account name on the report so this way I could possibly limit it to a field issue. 


I will have to try a visual source page and see if that works.  Visualforce pages will not be limited by the same privileges?  I don't want to go through the work of creating one and run into the same issue.  I am very new to Salesforce but have created one in my "learning" :) 


I know this isn't the best way and not the way I would like to do it but we are doing a major data cleanup right now and it was decided not to make any other changes for now.  I am hoping in the next couple of months that we can have it all looking nice.




If the users cannot see a report of just Account Names, but they can view Accounts in the browser, it must be an issue with the Report Folder or the Run Reports permission on their Profiles.


A Visualforce page is a great way to give users a controlled view of only the objects and fields you wish them to see.  You can create custom controllers in Apex or extend the standard controllers to add functionality to your VF pages.  Apex can operate in Sharing Mode, which follows sharing rules, or in System Mode, which acts like the System Administrator.  System Mode can be useful if you want to show users a particular field or object in a controlled manner.


For example, if you don't want to give portal users access to Opportunities, but you want them to see the Opportunity Name for any Accounts they own, System Mode can accomplish that for you.  Of course you should always think it through and make sure you aren't accidentally giving users too much access, but System Mode can be very useful in certain circumstances.

Tena W.Tena W.

Thanks everyone.  I was able to talk them into moving the company profile to private and changing all the profiles :)


Thanks for all the responses.