Working with sharing rules
Like every sharing method other than OWD, sharing rules cannot restrict access to records.
To create a new sharing rule, go to Setup | Security | Sharing Settings, choose an object in the Sharing Rules section, and click the New button.
There are two different kinds of sharing rules:
- Owner-based: Record identification is based on ownership; for example, you can share an owned record with a given role or group
- Criteria-based: Record identification is based on the record’s fields; for example, you can share a record that has the Internal Division custom field set to Utilities.
Criteria-based sharing rules are more expensive in terms of performance, which is why you can create only up to 50 criteria-based sharing rules per object. The overall number of sharing rules per object (owner-based or criteria-based) has a limit of 300.
Another thing to remember is that although criteria-based rules use a record’s fields, not its owner, to calculate sharing, access through the role and territory hierarchies can still apply (if it has not been disabled for custom objects).
The following field types can be used for criteria calculation:
- Auto number
- Checkbox
- Date
- Date/time
- Lookup relationship (for the user ID or queue ID)
- Number
- Percent
- Phone
- Picklist
- Text (case-sensitive)
- Text area (case-sensitive)
- URL
You can set different values for the Text and Text area fields by separating them with a comma.
If a field type you need for the criteria is not supported, create a workflow or trigger to copy that value into a text/number field.
You can even apply filter logic to create more complex criteria.
After you have decided which type of sharing rule you want to create, select the categories of users to share with (for example, roles, territories, or groups) and the sharing access level:
- Private: This is only available for associated contacts, opportunities, and cases (for example, Account Sharing Rule).
- Read only: Reads a record.
- Read/Write: Reads and updates a record.
- Full Access: Reads, updates, deletes, transfers, and shares records (just like its owner).
Once a rule has been created, the Share with value cannot be updated.
Here is an example of an Account Sharing Rule:
It shares accounts whose Billing City is Pirri or Sestu and that are in an Active state with users in the Eastern Sales Team role, giving them Read Only access to the account and to the related contact, case, and opportunity objects (these related-object settings are specific to the account object).
The following are some considerations about sharing rules:
- If multiple sharing rules apply to a given record, the widest rule is the one that is applied.
- You cannot add high-volume users to sharing rules because they don’t have a role.
- Sharing rules apply to all records (new and old) and are applied to active and inactive users.
- Sharing rules are also recalculated every time a user enters/exits a role, a territory, or a group or when a user transfers the record to another user.
- Because sharing calculation can take a while, Salesforce runs it as a background calculation job and notifies the user with a system email when the calculation is ready.
- Lead sharing rules don’t apply to account, opportunity, and contact objects that are generated after lead conversion.
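The Account Sharing Rule example and the "widest rule is applied" consideration above can be checked against a simplified model of rule evaluation. This is an added illustration, not Salesforce code or code from the original text; the `Status` field name, the second rule, the AND combination of criteria, and the sample accounts are assumptions constructed for the example.

```python
# Added illustration: a simplified model of criteria-based sharing rule evaluation.
# It is not Salesforce code; the "Status" field and the second rule are assumptions.
LEVELS = ["Private", "Read Only", "Read/Write", "Full Access"]  # narrowest to widest

RULES = [  # constructed sample rules
    {"name": "Active Pirri/Sestu accounts", "shared_to": "Eastern Sales Team",
     "criteria": {"Billing City": "Pirri,Sestu", "Status": "Active"},
     "access": "Read Only"},
    {"name": "Pirri accounts (hypothetical)", "shared_to": "Eastern Sales Team",
     "criteria": {"Billing City": "Pirri"}, "access": "Read/Write"},
]

def matches(rule, record):
    """All criteria must hold (AND, assumed). Text comparison is case-sensitive
    and a comma-separated criterion value lists the accepted alternatives."""
    for field, value in rule["criteria"].items():
        accepted = [v.strip() for v in value.split(",")]
        if record.get(field) not in accepted:
            return False
    return True

def effective_access(record, user_roles, rules=RULES, owd="Private"):
    """Start from the OWD baseline; matching rules can only widen access."""
    best, granted_by = owd, ["OWD"]
    for rule in rules:
        if rule["shared_to"] in user_roles and matches(rule, record):
            granted_by.append(rule["name"])
            if LEVELS.index(rule["access"]) > LEVELS.index(best):
                best = rule["access"]
    return best, granted_by

if __name__ == "__main__":
    accounts = [  # constructed sample records
        {"Name": "A1", "Billing City": "Sestu", "Status": "Active"},
        {"Name": "A2", "Billing City": "Pirri", "Status": "Active"},
        {"Name": "A3", "Billing City": "pirri", "Status": "Active"},
        {"Name": "A4", "Billing City": "Sestu", "Status": "Inactive"},
    ]
    for acc in accounts:
        level, why = effective_access(acc, {"Eastern Sales Team"})
        print(acc["Name"], level, why)
```

Listing which rules contributed to the result makes it easier to spot an overlapping rule that silently widens access beyond what a narrower rule was meant to grant.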