You need to sign in to do that
Don't have an account?
chriscwharris
Approval and Security
I have a custom app that has 3 levels of object in a master detail hierarchy. I had set the OWD so the top level was private. The records are created by members of TEAM A who should always have access to the records for all objects in the app. So I have given them modify all. There are then 2 levels of user below, TEAM MEMBERS can see their own records, i.e. those that related to them. In order to do this I have had to rely on TEAM A manually adding the TEAM MEMBER to the sharing on each record. I can't find a better way to do this at the moment as the app needs to be generic and I won't always know what the role hierarchy or groups are before installing.
Above TEAM MEMBERS are TEAM MANAGERS, they need to be able to view their own records like a TEAM MEMBER can, but also the records of THEIR TEAM. This is where I am struggling... TEAM MANAGERS need READ access to their teams records, but also Edit access to specific objects as they are using an approval cycle. However they can not have edit access to their own record, just their team.
I hope that makes sense. The key thing is that this is an app that will be installed in lots of orgs so I will not be aware of the security model of those beforehand.
In Summary:
TEAM A has CRUD to all records in app
TEAM MANGERS can read their own records, their teams records and be able to approve/update specific objects for their team
TEAM MEMBERS can read their own records only
Since I can't find a way to dynamically add users to a records I wonder how this might be done. The TEAM MANAGER is a new custom field added to the USER object so can be referenced.
Any ideas?
Above TEAM MEMBERS are TEAM MANAGERS, they need to be able to view their own records like a TEAM MEMBER can, but also the records of THEIR TEAM. This is where I am struggling... TEAM MANAGERS need READ access to their teams records, but also Edit access to specific objects as they are using an approval cycle. However they can not have edit access to their own record, just their team.
I hope that makes sense. The key thing is that this is an app that will be installed in lots of orgs so I will not be aware of the security model of those beforehand.
In Summary:
TEAM A has CRUD to all records in app
TEAM MANGERS can read their own records, their teams records and be able to approve/update specific objects for their team
TEAM MEMBERS can read their own records only
Since I can't find a way to dynamically add users to a records I wonder how this might be done. The TEAM MANAGER is a new custom field added to the USER object so can be referenced.
Any ideas?
Are you saying the only way to dynamically change the access to a record in order to give access to a user named in a field (not hardcoded etc..) is via the APEX route?