In this blog post, we are going to discuss What are Sharing Rules in Salesforce? and how your can creates them for your data in Salesforce.
Sharing rules in Salesforce are used to open up the access to Salesforce records on top of OWD and Role Hierarchy.
Sharing rules are not available for Master-Detail relationships, Lookup relationships, Chatter Posts, Chatter Profiles, Related Listings, or Maps because access to these objects is already controlled by their own privileges and permissions.
What are Sharing Rules in Salesforce?
Sharing rules works only in case OWD for the record is either Private or Public Read Only for any that would be Default Internal or Default External.
When Sharing Rule is executed and opens up access to any record, We can also open up a record when we want to restrict access from being seen by specific roles only by creating a new sharing rule which will specify the roles explicitly who should have access to this particular record.
A sharing rule in Salesforce restricts access to records based on certain criteria.
It can be used to give individuals more or less access to specific records, regardless of whether they are record owners. They are also a handy way to restrict access to sensitive data without deleting it completely
Why Should I Use Sharing Rules?
To restrict access to records on your org, your organization may be required to create sharing rules.
If an OWD record’s default visibility setting isn’t public, you must set up a sharing rule that opens up access to any record.
For example, if an account’s OWD defaults to private and only has one user assigned to it, you must open access for all users by creating a sharing rule that grants permission for read-only access for everyone or for all internal users.
Without a sharing rule, no other users can see that account’s details, When you create a sharing rule, Salesforce automatically creates a related field called Who Can See (__c) This Record? which is populated with each user who can see the record via your sharing rule.
This field allows you to track who should have access to each record so you can keep tabs on how many people are seeing what information.
Related Article: Salesforce Organization – What it is and How it Works?
When Should I use Sharing Rules?
This sharing rule should be used when you want to open up access to records based on a more granular level than an account.
For example, if you’re an insurance company and you want your agents to see all customer records, regardless of account ownership, using a sharing rule will allow them to do so.
Or perhaps you want your employees to see only their contacts but not those of other departments you can use a sharing rule for that as well.
You could also use it to give customers or partners read-only access to specific records.
The possibilities are endless, And once again, make sure you understand how a sharing rule works before creating one.
While they may seem complicated at first glance, they are relatively easy to set up and manage once you understand how they work.
And remember: these rules won’t always be appropriate for every situation; check with your Salesforce administrator before implementing one into production.
Related Article: Salesforce Workbench: A Comprehensive Guide
Sharing Rule Categories
In Salesforce, there are four categories of sharing rules:
- Record-level sharing rules apply to a single record.
- User-level sharing rules apply to an individual user or group of users.
- Role hierarchy sharing rules let you define role hierarchy access privileges.
- Organizational-wide defaults are accessible by all users in your organization and are often used for system or setting-specific options.
All other types of sharing rules fall into one of these categories. For example, if you want to restrict an object’s use so that only certain roles can see it, then you create a role hierarchy sharing rule.
Types of Sharing Rules in Salesforce
Sharing rules in Salesforce are used to control record access to all users of the Salesforce platform, including end-users and administrators.
Sharing rules in Salesforce conatins two main types:
1. Field Level Sharing Rules
2. Record-Level Sharing Rules
Record-level sharing rules can be classified into 3 different categories – Permission Sets, Record-Level Security, and Delegated Administration and each has its usage depending on the business requirements of the customer or org.
Similarly, Sharing rules are divided into Standard and Custom types. Both these types of sharing rules enable you to control access to various records of an organization.
There are other subtypes of sharing rules in Salesforce for different types of operations those below.
How To Create A Sharing Rule?
A sharing rule defines who has access to specific records and can also specify how records are related to each other.
For example, suppose you have a sales team and you want to make sure they can always see every opportunity that relates to any account for which they’re responsible.
Or maybe you want accounts that don’t currently have any opportunities associated with them to be hidden from view.
To create Sharing rules follow the below steps, You can do all of these things with sharing rules in Salesforce.
- login to your Salesforce instance as an administrator for Creating the Sharing Rules
- Navigate to Setup > Customize > Sharing Settings > Create New Rule.
- Enter a name for your new sharing rule (for example, Hide Opportunities Not Associated With Accounts).
- Select Account as your object type and click Next Step.
- On the next page, select Show if the record is not associated with another record and click Next Step.
- On the next page, enter Opportunity in Relationship Field 1 and select is equal to from Relationship Operator drop-down menu. Click Finish.
- The sharing rule will now show up on your list of sharing rules.
- To test it out, create a new Opportunity and assign it to an Account for which there aren’t any existing opportunities.
- The Opportunity should disappear from view when you refresh the page.
- If it doesn’t work correctly, try creating a second Opportunity and assigning it to an account that already has at least one opportunity associated with it.
- The first Opportunity should appear again when you refresh the page.
Use Cases Of Sharing Rules in Salesforce
Sharing rules are built on top of records which has OWD(owner) set to Private or Public Read Only. Below are some use cases:
Use case 1: Permission for all users to access any record of Opportunity objects irrespective of their roles within the sales force. This can be achieved by sharing opportunities using a sharing rule. This will give read-only access to every user who has access to the opportunity object, but they will not have edit permission unless they have edit permission on the opportunity object itself. This will give read-only access to every user who has access to the opportunity object, but they will not have edit permission unless they have edit permission on the opportunity object itself.
Use case 2: Restricting certain users from accessing certain fields of an opportunity object. For example, you may want to restrict your marketing team from accessing the account manager field and vice versa. You can achieve it by creating a sharing rule that restricts access to only specific fields. If anyone tries to view these restricted fields, he/she will get an error message as shown below: If anyone tries to view these restricted fields, he/she will get an error message as shown below:
Related Article: What is Salesforce Testing? – Guide on Testing Salesforce
Tips For Using Sharing Rules Effectively
- If a record already has an Owner (OWD), you can’t set up a sharing rule to give access to that OWD
- Instead, use record-level security to grant access to that OWD and then either hide or delete it.
- Record-level security isn’t as granular as sharing rules, but it’s often a simpler option for granting access
- Before creating a sharing rule, be sure to have all other users’ edit permissions on your records set up properly and roles assigned correctly.
- This way, when someone with editing permissions clicks through from a sharing rule, they won’t see any error messages when they try to save their changes.
For example, if you don’t have View All Data selected for your role assignment settings and someone clicks through from a sharing rule without viewing all data privileges enabled, they will get an error notification when they try to save their modifications.
Common Workflow Scenarios
When do you need a Sharing Rule? Many organizations use sharing rules to open up records to business partners, whether customers or suppliers.
Imagine, for example, that you want your distributors to be able to view customer information.
You can use a sharing rule on each individual customer record (assuming all customers are public-read-only) to give access to your three distributors.
They’ll all have access through their user profile and will be notified with a system notification that they were granted access by one of your sales managers.
If you later change your mind about who should have access to those customer records, it’s easy enough to remove them from those sharing rules.
Similarly, if you decide that all of your distributors should have access to some set of customers say, any accounts worth more than $1 million you can write a single sharing rule that gives everyone read/write access and grants it at an organization level.
Sharing Rule Considerations
When you create a sharing rule to share a record that is accessible by anyone with a login for your instance of Salesforce, there are some important considerations: You will not see what data other users view or edit.
External users may see a record that includes personal or confidential information, even if they do not have permission to access it.
If an external user has permission to access records on an object for which sharing rules are enabled, then he or she can view and edit those records when logged into Salesforce via OWA.
It’s up to you to decide whether or not to share these types of records with external users. In general, we recommend only sharing public read-only objects (such as opportunities) with external users because these objects don’t contain any sensitive data.
1. Availability: If you use sharing rules to open up access to records, you should make sure that your sharing rules are available at all times.
2. Logging: If you use sharing rules to open up access to records, you should make sure that there’s enough logging for auditing purposes and troubleshooting
3. Data Integrity: If you use sharing rules to open up access to records, be aware of data integrity issues
4. Using Default Internal or External User Roles: When using a sharing rule to allow access to private or public read-only records, do not include default internal or external user roles as recipients of your sharing rule
5. OWD / Role Hierarchy Combinations: Avoid using an OWD that has Read Write External Access with a role hierarchy on top if you want people outside of Salesforce to see these records
Related Article: What is a Salesforce Sandbox? – Comprehensive Guide
Conclusion
Sharing rules are used to create a filter to open up access to records based on OWD and Role Hierarchy.
These rule only works if OWD for Record (Default Internal or Default External) should be Private or Public Read Only for any user role hierarchy.
To use sharing rules, you need to configure your organization settings and share setting for each object you want to access through Sharing Rules.
You can also define Sharing Rule at the individual object level. When sharing rules are executed, it opens up access to any record.
You can add multiple users with different roles by specifying their roles under the Who Can Access section of Sharing Rule configuration page on the Organization Settings page.
You can also set the period for which record will be available for users after executing Sharing Rule from the date field provided under the Date Range section of Sharing Rule configuration page.
Related Article: Salesforce Trailhead – A New Way to Learn Salesforce
Meet Nitin, a seasoned professional in the field of data engineering. With a Post Graduation in Data Science and Analytics, Nitin is a key contributor to the healthcare sector, specializing in data analysis, machine learning, AI, blockchain, and various data-related tools and technologies. As the Co-founder and editor of analyticslearn.com, Nitin brings a wealth of knowledge and experience to the realm of analytics. Join us in exploring the exciting intersection of healthcare and data science with Nitin as your guide.
