Before Restriction Rules, our security model had to reflect the access of the user with the least privilege.
Turning this on its head, Salesforce can now handle exceptions!
Join me to learn more about how this feature enables us to hide specific records from certain users. In this session we will apply a real-life use case and walk through a demo of the solution.
Come away knowing how to use Restriction Rules in your next project.
Louise Lockie
Salesforce MVP
London’s Calling Organiser
London Women in Tech Group Leader
Well-Architected Ambassador
@LouiseLockie
Trailblazer.me/Louise
Conference Speaker
21x
7. #CD2023 @CzechDreamin
Lock Down Access to All & Open Up to a Few
Org Wide Default to Lock Down
Public Read/Write
Public Read Only
Private
Sharing Tools to Open Up
Teams/Manual Sharing
Sharing Rules
Role Hierarchy
The Headlines
Restriction Rules break the standard Salesforce sharing setup
Restriction Rules remove record access without having to “lock it down and open it up again”
What Are They Good For?
1. Handling the exceptions to the rule
2. Where Sharing can’t be restricted, e.g. ‘Controlled by Parent’
How Do We Create Them?
• You specify records user(s) CAN see using:
  • a field on the object
• You specify the users impacted either using:
  • a field on the User object
  • a custom permission
Considerations/Limitations
• Only available for:
  • Contracts
  • Tasks & Events
  • Custom Objects
  • External Objects
• Two Rules per Object for DE & EE, Five for PE & UE
• Only one active rule can be applied to a user
• Classic must be turned off!
Considerations/Limitations
• Restriction rules are applied to the following Salesforce features:
  • List Views
  • Lookups
  • Related Lists
  • Reports
  • Search
  • SOQL
  • SOSL
• Restriction rules aren’t applied for code executed in System Mode.
• Restriction rules support only the EQUALS operator. The use of AND and OR operators isn’t supported.
• The use of formulas isn’t supported.
Our Scenario
Learn-More Tech has acquired a new business and is on-boarding the new division to their Salesforce org.
Both divisions will use a custom object called Trainer. The OWD is currently Public Read Only, but we need to restrict this access so that the new team members (3 people) only see Trainers related to their department.
The Solution without Restriction Rules
Without restriction rules our option is to change the OWD to Private and then create the necessary sharing rules to open it up to everyone who currently has access.
These sharing rules then have to be maintained.
The Solution with Restriction Rules
The OWD can stay as it is, leaving the existing users unaffected, and a restriction rule is created to cover the new team of 3 people.
Our Scenario
Learn-More Tech users use Tasks heavily on Accounts, but the OWD on Account is Public Read Only, which means that the Tasks attached to Accounts are automatically exposed to all users.
Visibility to Tasks has to be restricted so that users can only see their own.
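The Task scenario above, written as a Metadata API RestrictionRule definition. This is an added example, not the rule built in the session's demo; the label and description are made up, and covering every active user is an assumption about who the rule should apply to.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: restriction rule limiting Task visibility to the owner. -->
<RestrictionRule xmlns="http://soap.sforce.com/2006/04/metadata">
    <active>true</active>
    <!-- Label and description are illustrative, not from the session. -->
    <masterLabel>Tasks You Own</masterLabel>
    <description>Users see only the Tasks they own, even though the parent Account is Public Read Only.</description>
    <!-- Restrict = restriction rule (as opposed to a scoping rule). -->
    <enforcementType>Restrict</enforcementType>
    <!-- Object the rule filters; Tasks are on the supported-object list. -->
    <targetEntity>Task</targetEntity>
    <!-- Which users the rule applies to: a field on the User object.
         Assumption: every active user is in scope. A custom permission
         could be used here instead to target a smaller group. -->
    <userCriteria>$User.IsActive = true</userCriteria>
    <!-- Which records those users CAN see: a field on the object,
         compared with EQUALS only (no AND/OR, no formulas). -->
    <recordFilter>OwnerId = $User.Id</recordFilter>
    <version>1</version>
</RestrictionRule>
```

Because restriction rules aren’t applied for code executed in System Mode, Apex running in that mode still returns Tasks owned by other users, so any custom code that surfaces Tasks needs its own review.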
Resources
• Main IdeaExchange Post
• Restriction Rules | Salesforce Who Sees What Ch. 10
• Record Access Sharing Group
• An Inside Look at How We’re Addressing Challenges from the Record Access (Sharing) Roadmap - Salesforce Admins
• Record Access Trailmix
• Record Access Roadmap (Ideas & comments) Doc