
When our org was initially set up, contractors did most of the assigning and most objects are not private. This makes sense for our org because, while we do have some delimitations across objects, generally speaking we are broadly collaborative, and it is not unusual for someone to take on and complete the opportunity or case of someone in a different group when they need a hand.

Now that I have created some objects in Salesforce that serve to test users' knowledge and skills, I am working with a real need to protect users from seeing each other's work. This means I have to begin to really investigate how to apply role hierarchies and sharing rules in our org.

Simple Role Hierarchy Design

Initially, it made sense to set up the role hierarchy where all users' fields can be viewed by:

  • The System Administrator role, because the two users who hold that role are the Sales & Support team manager and myself, the Director of Training. So we both need complete access to the records.
    • Economic Account Executives (EAE)
      • Business Development agent
    • Sales Coordinator
    • CSL Manager
      • Customer Services Leads

However, in testing it became clear that the problem with this structure is that, while it is appropriate for the CSLs, since the CSL Manager should see all CSLs across all verticals, it wasn't working for the Business Development agents, because we only wanted the salesperson they worked directly under to be able to see their records, not all Economic Account Executives. Since sharing rules can open access but not remove it, I need to adjust the hierarchy slightly to protect the Biz Dev records, and then expose them with sharing rules.

I also need to apply sharing rules to these records for the CSL Manager Role, since she is also the other trainer.

 

Applying Sharing Rules to the Object

Sharing rules start with the creation of public groups. In my case I need a public group for each vertical and one for sharing access to the object with the CSL Manager Role. For my org that is currently 5 groups: 4 based on individual users to open records to, and one based on a role.

  1. Vertical 1-Select Member is the EAE for Vertical 1
  2. Vertical 1-Select Member is the EAE for Vertical 1
  3. Vertical 1-Select Member is the EAE for Vertical 1
  4. Vertical 1-Select Member is the EAE for Vertical 1
  5. Trainer Access- The CSL Manager Role

Once these are in place there is the matter of assigning these rules. For this, we have to return to the sharing settings.

To set sharing settings specifically for the worksheet objects, I have to employ two different methods triggered from the radio dial button for rule type.

For the Vertical Shares:

I won't pretend this is an ideal rule setup, specifically the filter, but it works, for now.

  • Created the label by the vertical/public group name
  • Rule type: Based on Criteria
  • Field Criteria for record sharing: Created by id: User Org Id
  • Share with: Public Group > Vertical Name
  • Access: Read Only

For the Owned by share:

  • Created the label and selected the owned by Role>Business Development
  • Share with: Role>CSL Manager
  • Access: Read Only
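
The reasoning above (a role hierarchy grants access upward, and sharing rules can only add to it) can be checked with a small model. This is an added example, not part of the original post and not Salesforce's implementation; the user names, the "Vertical 2" group and the choice to move Business Development directly under System Administrator are assumptions.

```python
# Simplified model (assumption, not Salesforce's implementation) of read access
# under a Private org-wide default: owner + roles above the owner + sharing rules.
# Sharing rules only add readers; nothing here can subtract one.

def roles_above(role, parent):
    """Walk the hierarchy upward; `parent` maps a role to the role above it."""
    above = []
    while role in parent:
        role = parent[role]
        above.append(role)
    return above

def readers(record, users, parent, rules):
    """Names of users who can read `record` (users maps name -> role)."""
    owner_role = users[record["owner"]]
    above = roles_above(owner_role, parent)
    allowed = {record["owner"]} | {u for u, r in users.items() if r in above}
    for matches, to_users, to_roles in rules:
        if matches(record, owner_role):
            allowed |= set(to_users) | {u for u, r in users.items() if r in to_roles}
    return allowed

# Constructed sample users: bd1 works under eae1, bd2 under eae2.
USERS = {"admin": "System Administrator", "eae1": "EAE", "eae2": "EAE",
         "bd1": "Business Development", "bd2": "Business Development",
         "cslm": "CSL Manager", "csl1": "Customer Services Lead"}

# Hierarchy as first designed: Business Development sits under the shared EAE role.
INITIAL = {"EAE": "System Administrator", "Business Development": "EAE",
           "Sales Coordinator": "System Administrator",
           "CSL Manager": "System Administrator",
           "Customer Services Lead": "CSL Manager"}

# Assumed adjustment: move Business Development out from under EAE.
ADJUSTED = {**INITIAL, "Business Development": "System Administrator"}

RULES = [
    # Criteria-based: created by bd1 -> public group "Vertical 1" (member: eae1)
    (lambda rec, role: rec["created_by"] == "bd1", ["eae1"], []),
    # Criteria-based: created by bd2 -> hypothetical group "Vertical 2" (eae2)
    (lambda rec, role: rec["created_by"] == "bd2", ["eae2"], []),
    # Owner-based: owned by role Business Development -> role CSL Manager
    (lambda rec, role: role == "Business Development", [], ["CSL Manager"]),
]

WORKSHEET = {"owner": "bd1", "created_by": "bd1"}  # constructed record

def leak_before():
    return readers(WORKSHEET, USERS, INITIAL, RULES)

def access_after():
    return readers(WORKSHEET, USERS, ADJUSTED, RULES)
```

With the initial hierarchy, `eae2` can read `bd1`'s worksheet no matter which rules exist; after the adjustment only the owner, the administrator, `eae1` and the CSL Manager can.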

*Be careful about reports created by users*