Programming
Reader small image

You're reading from  Salesforce for Beginners - Second Edition

Product typeBook
Published inOct 2022
PublisherPackt
ISBN-139781803239101
Edition2nd Edition
Tools
Salesforce
Concepts
CRM
Right arrow
Authors (2):
Sharif Shaalan
Sharif Shaalan
author image
Sharif Shaalan

Sharif Shaalan was first introduced to Salesforce as an end user in 2007. His range of experience, from a sales rep to technical architect, helped him successfully lead more than 100 implementations including projects that were showcased on the main stage at Dreamforce. In 2013, Sharif was chosen as a Salesforce MVP, and in 2020 he was inducted into the Salesforce MVP Hall of Fame. Sharif is a regular speaker at Salesforce conferences and has obtained more than 10 Salesforce certifications. He is the founder and CEO of Agile Cloud Consulting and continues to be an active Salesforce community contributor
Read more about Sharif Shaalan

Timothy Royer
Timothy Royer
author image
Timothy Royer

Timothy Royer is the VP of Delivery at Agile Cloud Consulting and a Salesforce Certified Application Architect. Timothy began his Salesforce career in 2012 as an accidental administrator and has since participated in a number of implementations in a variety of roles. Timothy has experience as a Salesforce customer, a Salesforce partner, and as a member of the Salesforce.org professional services team.
Read more about Timothy Royer

View More author details
Right arrow

An Overview of Sharing and Visibility

Sharing and visibility are the cornerstones of data security in Salesforce. In the context of a business, the first decision that an organization makes is whether to have an open policy, which means all the users can see all the records. Depending on the nature of the business, this is not always possible and some records and/or fields need to be secure and only visible to certain people. If this is the case, the system needs to be set to completely private from the start; then, access is granted using several layers of administration features.

In this chapter, we will cover the following sharing and visibility security features in detail:

  • Using organization-wide defaults
  • Understanding the role hierarchy
  • Applying sharing rules
  • Setting team access
  • Setting profile access
  • Using permission sets
  • System and user permissions, implicit sharing, and Apex sharing

With the help of these topics,...

Technical requirements

For this chapter, make sure you log in to your development org and follow along as we work through the different sharing and visibility settings available to a system administrator.

Using organization-wide defaults

The first decision that needs to be made, as mentioned in the introduction, is whether you want to have an open organization, where all data is visible and editable by everyone, or whether any data needs to be restricted from being viewed or edited by certain people. Let’s see how this works with a use case.

Business use case

You are the Salesforce admin for XYZ Widgets. You need to limit the visibility of accounts to account owners and their managers only. The first step is to make sure the organization-wide (org-wide) default settings for the account objects are set to private.

Setting up org-wide defaults

Org-wide defaults allow you to adjust these settings on an object-by-object basis. The following org-wide defaults are available for standard and custom objects:

  • Private: This means the records in the object are only visible to and can only be edited by the record owner and anyone above the record owner in the...

Understanding the role hierarchy

Every user record in Salesforce has the option to be added to a role. That role is part of an overall hierarchy. The most common use case is when someone higher in the role hierarchy inherits the permissions to objects of users that are below them. For example, the sales manager role inherits the permissions of someone in the sales rep role as the manager comes above the sales rep in the hierarchy. There are also instances such as Sales Ops where the user may not be higher in the organizational hierarchy, but sits higher on the role hierarchy due to the need to have visibility in all levels of the business.

Business use case

As the Salesforce admin for XYZ Widgets, you need to limit the visibility of accounts to account owners and their managers. The previous step of setting up the org-wide default settings for accounts as private assures you that only the account owners can see the accounts they own. Setting up a role hierarchy will take care...

Using organization-wide defaults

The first decision that needs to be made, as mentioned in the introduction, is whether you want to have an open organization, where all data is visible and editable by everyone, or whether any data needs to be restricted from being viewed or edited by certain people. Let's see how this works with a use case.

A business use case

You are the Salesforce admin for XYZ Widgets. You need to limit the visibility of accounts to account owners and their managers only. The first step is to make sure the organization-wide (org-wide) default settings for the account objects are set to private.

Setting up org-wide defaults

Org-wide defaults allow you to adjust these settings on an object-by-object basis. The following org-wide defaults are available for standard and custom objects:

  • Private: This means the records in the object are only visible to and can only be edited by the record owner and anyone above the record owner in the role hierarchy (we will cover...

Setting team access

Teams are a feature available on the account object and the opportunity object. For accounts, they are called account teams, and for opportunities, they are called sales teams. Teams allow you to add users to specific accounts and opportunities. They consist of specific users for whom the record owner can set access to the record.

Business use case

You are the Salesforce admin for XYZ Widgets. The sales manager wants an account team, which consists of an engagement manager and a support specialist, to have access to certain accounts. The account record owner should be able to add two users to the team and grant the engagement manager read-only access, while granting the support specialist read/write access. Let’s see how this works.

Adding a user and setting team access

Team-related lists are available on the account and opportunity objects when the teams feature is enabled. Let’s take a look at what this looks like when adding team...

Setting profile access

Profiles are a very important and powerful security feature. In the same way that each user in Salesforce can have a role, each user must have a profile. Profiles allow you to set access to objects that are more powerful and overwrite other security settings. While profiles cover a multitude of settings, we will only focus on the object settings in the context of sharing and visibility here.

Business use case

You are the Salesforce admin for XYZ Widgets. The sales manager has requested that a group of users, all of which have the Service Manager profile, should have View All access to the accounts object. You will do this by updating the Service Manager profile.

Updating profiles

Let’s take a look at how we access the profile settings. As the following screenshot shows, we can access this setting from the Setup page, as discussed in Chapter 9, Setup and Configuration:

Graphical user interface, text, application, email Description automatically generated

Figure 10.7: Finding the Profiles page from Setup

Let&...

Team access

Teams are a feature available on the account object and the opportunity object. For accounts, it is called account teams and for opportunities, it is called sales teams. Teams allow you to add users to specific accounts and opportunities. They consist of specific users and the record owner can set access to the record for each specific user.

A business use case

You are the Salesforce admin for XYZ Widgets. The sales manager wants an account team, which consists of an engagement manager and a support specialist, to have access to certain accounts. The account record owner should be able to add two users to the team and grant the engagement manager read-only access while granting the support specialist read/write access. Let's see how this works.

Using team access

Team-related lists are available on the account and opportunity objects when the teams feature is enabled. Let's take a look at what this looks like when adding team members to the account team in the...

System and user permissions, implicit sharing, and Apex sharing

In this section, we will touch on system and user permissions, implicit sharing, and Apex sharing.

System and user permissions

System permissions are permissions that apply to all apps, such as View All Data or Modify All Data. User permissions are permissions that are tied to user management and access. Both of these sections can be found on profiles and permission sets under the System Permissions link, as you can see in the following screenshot:

Table Description automatically generated with medium confidence

Figure 10.15: Link for System Permissions found on profiles and permission sets

This takes us to the next page, which shows us a list of permissions:

Table Description automatically generated

Figure 10.16: List of permissions after clicking the System Permissions link

All of the available system permissions appear under System. Scrolling down on this page takes you to the following section:

Text Description automatically generated

Figure 10.17: Users section of System Permissions

As you can see in the preceding...

Summary

In this chapter, we learned that org-wide settings are the foundation of sharing and visibility. If anything needs to be restricted, you need to first remove all access by making the object private, then open up access as needed using various security features.

We learned what roles are and how they are used to grant access to records. We learned how to add ownership-based and criteria-based sharing rules to grant access to records. We saw what the account and sales teams are and how to add them to accounts and opportunities. Finally, we learned how to further grant record access using profiles and permission sets.

In the following chapter, we will cover User Management and Data Security.

Questions

  1. What is the first decision that should be made when looking at org-wide settings?
  2. What does the Grant Access Using Hierarchies checkbox do?
  3. What are the two types of sharing rules?
  4. Who can add team members to the account and sales teams?
  5. Does the Modify All Data data setting on a profile work if the org-wide setting for an object is private?
  6. When would you use permission sets?
  7. Where is a permission set added after it is created?

Summary

In this chapter, we learned that the foundation of sharing and visibility is the org-wide setting. If anything needs to be restricted, you need to first remove all access by making the object private, then open up access as needed using various security features.

We learned what roles are and how they are used to grant access to records. We learned how to add ownership-based and criteria-based sharing rules to grant access to records. We saw what the account and sales teams are and how to add them to accounts and opportunities. Finally, we learned how to further grant record access using profiles and permission sets.

In the following chapter, we will cover sandboxes and change sets for project management.

lock icon
The rest of the chapter is locked
Previous Chapter
Chapter 11 of 24
Next Chapter
You have been reading a chapter from
Salesforce for Beginners - Second Edition
Published in: Oct 2022Publisher: PacktISBN-13: 9781803239101
© 2022 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Authors (2)

author image
Sharif Shaalan

Sharif Shaalan was first introduced to Salesforce as an end user in 2007. His range of experience, from a sales rep to technical architect, helped him successfully lead more than 100 implementations including projects that were showcased on the main stage at Dreamforce. In 2013, Sharif was chosen as a Salesforce MVP, and in 2020 he was inducted into the Salesforce MVP Hall of Fame. Sharif is a regular speaker at Salesforce conferences and has obtained more than 10 Salesforce certifications. He is the founder and CEO of Agile Cloud Consulting and continues to be an active Salesforce community contributor
Read more about Sharif Shaalan

author image
Timothy Royer

Timothy Royer is the VP of Delivery at Agile Cloud Consulting and a Salesforce Certified Application Architect. Timothy began his Salesforce career in 2012 as an accidental administrator and has since participated in a number of implementations in a variety of roles. Timothy has experience as a Salesforce customer, a Salesforce partner, and as a member of the Salesforce.org professional services team.
Read more about Timothy Royer

Personalised recommendations for you

Based on your interests and search pattern

C++ Programming for Linux Systems

C++ Programming for Linux Systems

This book covers the essential system programming tools and helps you explore the features of C++20. It emphasizes important details to maintain code quality and tackle everyday challenges of developing software for high performance, optimization, and more.

BookSep 2023288 pages
Expert C++

Expert C++

Discover advanced programming techniques, the latest features of C++17 and C++20, and best practices for memory management, debugging, testing, and large-scale application design with Expert C++. Ideal for experienced developers advancing to proficient programmers and building professional-grade C++ applications.

BookAug 2023604 pages
iOS 17 Programming for Beginners

iOS 17 Programming for Beginners

iOS 17 Programming for Beginners, Eighth Edition is your comprehensive guide to learning the art of iOS app development. Whether you dream of creating the next chart-topping app or simply want to enhance your programming skills, this book is your trusted companion on this exciting journey.

BookOct 2023604 pages4
Developer Career Masterplan

Developer Career Masterplan

Written by industry experts that have spent the last 20+ years helping developers grow their career path towards senior developer positions and beyond. This book provides a comprehensive guide, sharing examples and stories from their global careers. By the end, you’ll have the knowledge to create a clear career progression plan as a technical professional.

BookSep 2023310 pages
Refactoring with C#

Refactoring with C#

In Refactoring with C#, you’ll explore the process of safely refactoring modern .NET code using Visual Studio features, advanced unit tests, AI assistance, and custom Roslyn analyzers.

BookNov 2023434 pages
Python Real-World Projects

Python Real-World Projects

Amplify your developer journey by curating a dynamic project portfolio that outshines traditional resumes. Delve into the Python realm through immersive projects, mastering core concepts while constructing comprehensive modules and applications. From data acquisition prowess to impactful data visualization, Python Real-World Projects arms you with essential skills to beat the competition.

BookSep 2023478 pages5
The MVVM Pattern in .NET MAUI

The MVVM Pattern in .NET MAUI

The MVVM Pattern in .NET MAUI enables developers to master MVVM principles and effectively apply them to .NET MAUI. This book uses real-life examples and covers complex problems to help you successfully apply MVVM with .NET MAUI to confidently develop robust and high-performing cross-platform apps.

BookNov 2023386 pages
Extending Microsoft Business Central with Power Platform

Extending Microsoft Business Central with Power Platform

Extending Business Central with the Power Platform is a step-by-step guide for Business Central professionals to create solutions that automate business processes, explain complex workflow approvals, and integrate with hundreds of other systems, without traditional development. It’ll guide you in customizing Business Central with Power Platform.

BookAug 2023458 pages5
Extending Microsoft Business Central with Power Platform

Extending Microsoft Business Central with Power Platform

Extending Business Central with the Power Platform is a step-by-step guide for Business Central professionals to create solutions that automate business processes, explain complex workflow approvals, and integrate with hundreds of other systems, without traditional development. It’ll guide you in customizing Business Central with Power Platform.

BookAug 2023458 pages5
Quantum Computing Algorithms

Quantum Computing Algorithms

The book emphasizes intuitive ideas behind quantum algorithms in ways that other books don’t cover, striking a careful balance between no math and too much math. To get the most from this book, you should be comfortable with basic algebra and writing simple computer code. No prior understanding of quantum physics is needed to get started.

BookSep 2023342 pages
Python – Complete Python, Django, Data Science and ML Guide

Python – Complete Python, Django, Data Science and ML Guide

Unlock Python's full potential with this 50+ hour course! From programming to web and game development, data manipulation, and machine learning, gain the skills required to succeed in various Python-related careers. With practical tasks, hands-on experience, and a strong foundation in Python, you'll be ready to tackle real-world challenges and take advantage of the many opportunities this versatile language offers.

VideoNov 202350 hours 30 minutes5
Python – Complete Python, Django, Data Science and ML Guide

Python – Complete Python, Django, Data Science and ML Guide

Unlock Python's full potential with this 50+ hour course! From programming to web and game development, data manipulation, and machine learning, gain the skills required to succeed in various Python-related careers. With practical tasks, hands-on experience, and a strong foundation in Python, you'll be ready to tackle real-world challenges and take advantage of the many opportunities this versatile language offers.

VideoNov 202350 hours 30 minutes5