@Larry Tung Could you provid an update for this idea? https://ideas.salesforce.com/s/idea/a0B8W00000GdoxRUAR/restriction-rules-for-emailmessage-standard-object
We really need it!
Thanks!
Mark Bruso
Write an answer...
0/9000
Group
Record Access (Sharing)
I am trying to create a restriction role on the Event Object with a Record Criteria based on Current User. The "Current User" type does not show up in the picklist, though (it does show up in the User Criteria):
This is our first restriction rule, so not sure if it's a setup issue. What could the problem?
On the help site, there are examples that include the Current User type also in the Record Criteria:
Thanks and any comments are appreciated!
4 answers
Yes, the documentation on this is limited. It would be best to reach out to Salesforce Support for clarification.
As a workaround, you can create a Text field and populate it with the Picklist value (via Flow, Apex, or a formula field, depending on your use case) to achieve the required behavior.
Hello Trailblazers! As we go GA in Winter ‘22, we want to hear your feedback.
Standard objects may have unique behaviors that we need to ensure are working with Restriction Rules. I have created a set of ideas based on feedback shared in the trailblazer community for standard objects; this way, the object owners can see and respond to your feedback. Please follow these links to upvote and and comment.
- Account
- Contact
- Case
- Opportunity
- Product2
- Asset
- EmailMessage
- Lead
- External Objects (those using OData 2 & 4 is available since Summer '22)
We are also interested in what areas you’d like to see additional investment in and what use cases this will unlock for you. Where should we invest in Restriction Rules such that the user or record criteria supports:
- AND operator
- OR operator
- IN operator (do you usually think of this as CONTAINs?)
- cross object lookup aka spanning fields (today we support a single level for record criteria)
- picklists (delivered as part of Spring '22 & Summer '22)
- formula (thank you Benjamin Bratcher for creating this idea)
========
(original post tweaked) On Sept 10, from 11:15am -12:30pm PDT, we'll be answering your questions live during the Winter '22 RRL Admin Preview! We’ll cover the latest enhancements for Flow, Dynamic Interactions, Security Center, restriction rules, + more! Register here #AwesomeAdmins #AwesomeAdmins #AwesomeAdmins #AwesomeAdmins#AwesomeAdmins → https://sforce.co/2Vokqte
https://www.salesforce.com/form/event/release-readiness-winter-22/
10 comments
Requirement
My client has multiple Business Units and all BUs need Read Only access to ALL accounts but these BUs are competitive in nature and they should not be able to view each other activities. I understand if they have access to account they can see all activities but I want to restrict the visibility of all activites tasks, events and emails based on the BUs.
I can only create 2 restriction rules per object, therefore, can't use all the BUs to restrict activities. Also can I restrict visibility of emails using restrictions rules?
What other solutions I can provide my client to meet this requirement?
7 answers
@James Prevallet how were you able to overcome this? I am experiencing a similar requirement and have the same challenge.
I have the following objects:
- X__c (Master-Detail )
- Y__c (Master-Detail )
- XY__c (Junction object between X and Y)
- Additionally, I have another object that stores Zone__c and Region__c.
- On the User object, I also have Zone__c and Region__c fields.
- On the Y__c object, I also store Zone__c and Region__c values, but X__c does not have Zone or Region fields.
My role hierarchy is designed as follows:
- Zone level → Branch Manager (e.g., Central, Northern, Southern, Eastern)
- Region level → 4 states grouped under each zone
The challenge is:
👉 I need to share
X__c records with users based on their Zone and Region, but since X__c has no direct Zone/Region field
, I’m not sure how best to set this up.
Questions:- What are the best practices to implement record sharing for this scenario?
- Should I denormalize data (e.g., copy Zone/Region from Y__c to X__c via automation) or rely on junction object relationships for sharing?
- Is Apex Sharing a better option here compared to OWD + Sharing Rules?
- How do I align this with the role hierarchy for secure but efficient access?
1 answer
Role Hierarchy determines record access based on Ownership.
So who owns these X__c records?
Hi All,
Is there any reason I am not seeing Restriction Rules option in one of the Orgs I am supporting? I see the option for the same object in my Developer Org and another Production instance. Any help is much appreciated.
Thanks!
22 answers
Andrew Russo (BACA Systems) 
Forum Ambassador
Hi Carlos,
Couple suggestions:
1) if your org is a DE org created after April 2022, it should be enabled by default. if your DE org was created earlier, then you will need to create a new DE org (or trailhead playground org).
2) if you're referring your a non-DE org (EE, UE, Performance edition), then submit a case to support and they will enable it for you.
We noticed that there are a number of EE, UE, or Performance Edition orgs where Restriction Rules (and Scoping, for UE & Performance Edition) weren't enabled by default. The engineering team plans to resolve this, so customers who should have it enabled but don't, do not need to reach out to support. However, this fix will come either in Winter '24 or Spring '24 release (forward looking statement).
@Andrew Russo's comment about "please make sure your perm set you have has the View Restriction and Scoping Rules permission on it" only is applicable if your user does not have Manage Sharing.
When you look at our documentation, the permission that gives create/edit, also gives you the option to "view."
Andrew - can you update your comment with some of the info I've shared here such that folks hitting issues don't wait for someone to say "yes, please contact support."
The current "best answer" may only be accurate for one circumstance, specifically the user doesn't have "Manage Sharing."
Hi,
As the title suggests, where are they?
Unlimited Org - check
Permissions - check
I see lots of old posts regarding the same issue, but this is now 2025 so I thought there would be no problems by now? I can see them in my own private Dev org too, but not in my work org.
Any ideas, or should this go straight to SF help?
Thanks
5 answers
For anybody else facing this issue now or in the future, I reached out to SF and made a case and they had to enable it.
Seems orgs can be left out with Scoping Rules not being automatically available.
I belong to a Business Unit that needs to restrict User access to specific Opportunities within shared Accounts, e.g. Account X has many Opportunities and some of them should only be viewed or accessed by certain Users. Is this possible and what would be the best/simplest way forward? Could the sensitive Opportunities be tagged with a custom field and then Restriction Rules be established to limit which Users can view/edit said Opportunities? If so, any advice on how a relatively naïve user could start this process (there are literally hundreds of Restriction Rule videos out there and advice on filtering them would be appreciated)? If Restriction Rules is not the way to go, any advice on how to proceed?
Thanks in advance!
1 answer
Vuk Stajic (MVRK Inc.)
Forum Ambassador
Please see a similar question with relevant answer:
https://trailhead.salesforce.com/trailblazer-community/feed/0D54V00007T4NDeSAN
Hi folks!
Did you catch @Cheryl Feldman talking about The Future of User Access at TDX ’24? Were you inspired by @Jamin Hall sharing how Einstein Copilot saves you time troubleshooting (see timestamp 27:35-28:37)?
Help us help you, by telling us how you would interact with Einstein Copilot in this survey.
Thank you,
Larry Tung
@The Future of User Management
#Salesforce Admin@* Salesforce Administrators * @Record Access (Sharing) @Tuhina Koppikar @Sanghoon Oh
For use in an experience cloud site, I want users to be able to submit leads and track them as they go through the internal sales process.
1 answer
Sushil Kumar (UKG)
Forum Ambassador
Potential solution could be using flow or apex to create leadshare record for record creator when lead is created. Only challenge here is that when lead owner changes, lead share record gets deleted, so you will need another process or same flow to recreate the record when owner changes.