The organization-wide default sets us a base level for access to the object. We can open the access using role hierarchies and sharing rules. Sharing rules can create automatic exceptions to the organization-wide defaults. We can create sharing rules based on the record owner and field values. We can share the records with users for the objects that are set as Private and Public Read Only using sharing rules. Sharing rules can only expand the sharing of the records, if the records are marked as Private or Public Read Only. If the user can see the records with organization-wide defaults, we can restrict them using sharing rules.
Let's set up the sharing rules:
- Go to Username | Setup | Administrative Setup | Security Control | Sharing Settings.
- Below the organization-wide defaults, there are multiple sections of objects, as shown in the following screenshot:
- We can set the sharing rules based on the criteria of the users, as shown in the following screenshot:
- In step 2, we can choose the sharing based on the record owner or based on criteria. When we choose the sharing based on the record owner, we can set the rules to share records from a public group or role in step 3 to another public group or role in step 4, as shown in the preceding screenshot:
Finally, the last option in sharing is the manual sharing option given to the individual users with full access to a record. It is used if the organization-wide default access for the object is set to Private. This is generally done by a record owner for a single record. Only the record owner and users above the owner in the role hierarchy are granted full access to the record. It is not possible to grant other users full access.
Users with the Modify All object-level permission for the given object or the Modify All Data permission can also manually share a record. User-managed sharing is removed when the record owner changes or when the access granted in the sharing does not grant additional access beyond the object's organization-wide sharing default access level.
Sharing can be a bit complex because we need to fix the complex business problems using different tools, so here is a quick guide to understand sharing:
- The owner of the record can view/edit/modify and delete the record
- If the organization uses sharing and security, the person above the owner can also view/edit the record
- If there is any object that has the sharing settings public read/write or greater, it can be seen/edited
- If the record is private, a user can access it only when there is a sharing rule giving them access or if it is manually shared