Friday, December 2, 2016

Sharing Rules in Salesforce.

Sharing rules provide additional access to records for specified users via Roles, Public Groups, Profiles and particular users.

In how many ways can records be shared?
– Organization-Wide Defaults
– Role Hierarchy
– Sharing rules
– Apex programming.

1. Organization-Wide Defaults:

This setting applies to the whole org, not to a single group or a single person. Data is shared with others based on the “Default Sharing Settings”. There are different types of OWD settings:

Private: When the OWD setting is Private, no one can see other users' data. For example, if Opportunity is set to Private and I create an opportunity in the org, nobody else has access to that record.

Public Read/Write: When the OWD setting is Public Read/Write, everyone gets read and write access to every record.

Public Full Access: When the OWD setting is Public Full Access, everyone gets full access to every record.

Public Read/Write/Transfer: Everyone gets read, write and transfer access to every record.

Controlled by Parent: This setting is available only for child records (master-detail relationships); access is controlled entirely by the master (parent) record.


2. Role Hierarchy (Grant Access Using Hierarchies):


– Sharing is based on the role hierarchy: if I (a SalesRep) create an opportunity record, my manager gets access to that record.

    Setup -> Security Controls -> Sharing Settings -> Edit -> Grant Access Using Hierarchies

– By default, standard objects do not have an edit option for Grant Access Using Hierarchies.
– If we uncheck it for a custom object, then nobody gets access to those records.

3. Sharing Rules:

If we want to share records with specified groups or roles, we can use criteria-based rules.

Setup -> Security Controls -> Sharing Settings -> Sharing Rules -> click New -> create.

There are two types:

a. Based on record owner: We specify which users' records are shared with whom, and at what access level (Read Only or Read/Write).





b. Based on criteria: Here we define criteria on the object's fields, for example the opportunity name contains a specified string (Accenture).




4. Apex programming:
We can share records in Apex code with specified groups, roles and users. The first three methods are useful when the sharing is at the org level, the group level, or even for individual users, but they cannot share based on an action performed on the record.

Example:
When the Opportunity Owner is changed to someone else, give READ access to the previous owner.

Note: we cannot achieve this with the first three methods, so we write a trigger in Apex.

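trigger OpportunityShare on Opportunity (after update) {
    // Collect the share rows so the whole batch is inserted with one DML statement
    List<OpportunityShare> opptyShareList = new List<OpportunityShare>();
    for (Opportunity oppty : Trigger.new) {
        // Act only when the owner actually changed in this update
        if (oppty.OwnerId != Trigger.oldMap.get(oppty.Id).OwnerId) {
            OpportunityShare opptyShare = new OpportunityShare();
            // Grantee is the previous owner, read from the pre-update record
            opptyShare.UserOrGroupId = Trigger.oldMap.get(oppty.Id).OwnerId;
            // Standard share objects use OpportunityId / OpportunityAccessLevel
            // (ParentId / AccessLevel exist only on custom-object __Share records)
            opptyShare.OpportunityId = oppty.Id;
            opptyShare.OpportunityAccessLevel = 'Read';
            opptyShare.RowCause = Schema.OpportunityShare.RowCause.Manual;
            opptyShareList.add(opptyShare);
        }
    }
    insert opptyShareList;
}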
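
To review the manual grants that a trigger like the one above creates, the following anonymous Apex is an added example (not code from the original post). It lists manual OpportunityShare rows and flags grantees who are inactive users or who hold more than Read access; the 10,000-row limit, the flag wording and the debug-log output are assumptions chosen for illustration.

```apex
// Added audit example (anonymous Apex); not part of the original post.
// Row limit below is an assumed value for illustration.
List<OpportunityShare> manualShares = [
    SELECT Id, OpportunityId, UserOrGroupId, OpportunityAccessLevel
    FROM OpportunityShare
    WHERE RowCause = 'Manual'
    LIMIT 10000
];

// UserOrGroupId can point at a User or a Group; keep only the user grantees
// so their active status can be looked up.
Set<Id> userIds = new Set<Id>();
for (OpportunityShare s : manualShares) {
    if (s.UserOrGroupId.getSObjectType() == User.SObjectType) {
        userIds.add(s.UserOrGroupId);
    }
}

Map<Id, User> users = new Map<Id, User>([
    SELECT Id, Name, IsActive FROM User WHERE Id IN :userIds
]);

for (OpportunityShare s : manualShares) {
    User u = users.get(s.UserOrGroupId);
    String grantee = (u == null)
        ? 'Group ' + String.valueOf(s.UserOrGroupId)
        : u.Name;

    // Collect review flags for this share row.
    List<String> flags = new List<String>();
    if (u != null && !u.IsActive) {
        flags.add('INACTIVE USER');
    }
    // The trigger above grants Read only; anything broader deserves a look.
    if (s.OpportunityAccessLevel != 'Read') {
        flags.add('ACCESS ABOVE READ');
    }

    String line = String.valueOf(s.OpportunityId) + ' -> ' + grantee
        + ' : ' + s.OpportunityAccessLevel;
    if (!flags.isEmpty()) {
        line += ' [' + String.join(flags, ', ') + ']';
    }
    System.debug(line);
}
```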
