When I do have multiple Active scoping rules configured, When I try to use them on a list view/Report it doesn't give me an option to choose which scoping rule I want to apply in that particular scenario.
Write an answer...
0/9000
WarningRecord Access (Sharing) Pilots & Betas was archived. To reactivate, contact the group owner Larry Tung.
Group
Record Access (Sharing) Pilots & Betas
Salesforce Record Access Resolutions for 2024 (12 min video)
- Are you ... doing your annual realignment?
- Making big changes to your role hierarchy?
- Making a large number of public group membership or territories?
If you large record volumes, check it out!
And if you have feedback on how long it takes regarding sharing/record access related changes, please let me know!
@Record Access (Sharing) @Record Access (Sharing) Pilots & Betas @Admin Trailblazers
Hi,
We have created several objects linked to Account. Those objects contains sensitive data that should be available only for the account team/account owner and hierarchy.
How can I do that, knowing Account are public read shared ?
I have tried with restriction rules, with public group but it's too much work..
It's there any to plan to add a "is account member/is opportunity member" to the restriction rule conditions ?
Thanks
3 answers
Hello @Claudio BERNARDES, in this situation I would create "Lookup" Account relationship fields in the objects related to the Account. This will allow you to set the Sharing Settings to "Private", and also check the box "Grant Access Using Hierarchies".
Once this is done, you need to create a set of record-triggered flows (both on the "Account" and "Account Team Member" objects), which will create/delete "Share Records" to the relevant child records in the case the Owner of the Account changes, or if Account Team Members are added/deleted. These flows are the ones going to automate the visibility of the records only to the Account Team Members / Account Owners (and because you have the "Grant Access Using Hierarchies" checked in "Sharing Settings", the users above in the hierarchy will also have access to the records).
Here is an example of automating sharing of Case Records: https://www.linkedin.com/pulse/automate-sharing-records-salesforce-using-flow-alekhya-mandadi/
In your scenario, you will need to create the "share" records for the child records based on changes that have happened on the Account / Account Team Members, but the idea is the same.
Let me know if you need any clarification.
Hope this helps!
Hi @Larry Tung/all in the group,
Can someone guide me if there are any timelines or update around "Restriction Rules for Contact Standard Object". ?
I am trying to limit access/visibility of VIP(CXOs) contact details within our Salesforce. I think Restriction rules are awesome way to deal with such scenarios since it is currently unavailable, I am attempting to solve this by restricting Contact OWD to "private" for all & then opening based on Contact Record Type. Something like :
- Contact RT = A --> Read/Write access to set of users + Admins (via Public Groups)
- Contact RT <> A -->Read/Write to everybody else (top down from role & subordinates)
Thanks for any suggestion in this approach & sharing any updates around Restriction Rules on Contact.
4 answers
Manoj Nambirajan (Dell Technologies) 
Forum Ambassador
@Mohit Yadav in that case.. you can go ahead to define sharing rules for now. From object level, you cant have more than 50 odd sharing rule creations.. in your case.. if its very low and if this ask is urgent.. go ahead with sharing rule creation.
Once.. restriction rules for Contact become available.. you can then revisit the sharing rules; delete them via metadata deployment and then create restriction rule accordingly
@Larry Tung - Hi Larry, hope you're doing good!
https://help.salesforce.com/s/articleView?id=sf.security_scoping_rule_create.htm&type=5 -- As per this link from Salesforce Help, I'm unable to find "Scoping Rule" in objects like Account or Opportunity in Object Manager. I've tried giving myself the pre-requisite permissions as required, but still unable to find it.
Also, in the Salesforce Developer guide, it's mentioned that there's on UI yet for configuring Scoping Rules and this needs to be done only via Tooling API or Metadata API, but this contradicts the fact which is written in the link above. So could you please help me clarify the same and advice me how to proceed ?
Thanking you in advance. :)
9 answers
Hope all is going well. Please open a support case for any features that should be working (e.g. in record criteria, why isn't the current user appearing).
For older DE orgs, I do not know if support will enable it for you, but doesn't hurt asking through a support case.
Working on a project setting up different Business Units in an ORG. What are the pro's & con's of Scoping Rules and Divisions for segmenting data by Business Unit?
6 answers
hi @Tom Bassett thanks for writing the blog and sharing it here.
Do you mind making some updates?
Scoping Rules impacts a user if:
- List Views
- Reports
- SOQL
and the list view, report, or SOQL has to:
1. within the List View & Report filter, choose Filter by scope
2. if the SOQL query has: USING Scope ScopingRule
@Dennis Wever, Divisions was initially created to solve for certain large data volume use cases and introduced an indexed "Division" field that is available on certain objects. I had hoped to use Scoping Rules as a way for customers to migrate from Division/Classic. At this point, we are investing in other areas.
This specific group moved from being focused on Scoping Rules to beta/pilot features/questions. At this point in time, I don't have any new beta/pilots to recruit for.
Trying to change it English but unsuccessful
1 answer
If you scroll to the very bottom of the page you should be able to change the language.
Hi folks,
The Spring '23 release notes include Recalculate Account Sharing Rules Faster; I will share more details Jan 10. If you do read the release notes, do you have feedback (besides the "when" - as this should get updated to Jan 10)?
This group (Scoping Rules) has been renamed to Record Access (Sharing) Pilots & Betas.
I also renamed the Restriction Rules group, to Record Access (Sharing), for existing features.
Happy New Year,
-Larry Tung
3 comments
1. same record access with one caveat that may impact <1% of customers.
2. when speaking with customers, there is a group of folks who query the Share tables. If you query the CaseShare with rowCause = ImplicitChild, then you would also be impacted.
The benefit: account sharing recalc will finish much faster.
Here is the promised linkedin article (formatting is worse if not logged in).
Thanks,
Larry
PS: Tom - I'd like a picture too - but haven't yet thought through what set of pictures could help.
The caveat impacting <1% of customers is if you have HVU who own Contact or Case records (see the blog post for more details). HVU = High Volume User (aka someone with a Customer Community license; these users cannot be assigned a role).
Just read about Scoping Rules and i see alot of use cases. But notice it is only for Performance, Unlimited and Developer editions. Was wondering if there were plans to add it to Enterprise edition any time soon? Would be so helpful for us with global instance to be able to default the narrowing of the data. Thanks!
Forum Ambassador
As this is available in Developer Orgs created after April 2022 are there any plans for hands on challenges for Scoping Rules?
5 answers
Hi @Tom Bassett - getting Restriction Rules and Scoping Rules into trailhead is a goal. I don't have an ETA on when we'd make this available; @Dan Sheehan (He/Him), technical writer/customer experience, is aware of the ask! We'll definitely share on the group when it is available.