In Salesforce, you have two approaches to giving users access to certain records:
- Use the “least privilege” model. This means setting the object to Private and then creating a Sharing Rule to provide access to specific users or groups.
- Use restriction rules to remove access to certain records for specific users or groups.
When deciding which approach to use, consider this: users with the View All Records or View All Data permissions can view all records regardless of restriction rules.
Keep in mind that senior staff or super users may well have this “View All” on Opportunities so that they can run reports.
Given this huge exception, the first approach is the “right” approach every time.
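To see how large that exception is in a given org, the following Apex lists the active users who hold either permission. It is an added example, not code from the original post; it assumes Opportunity as the object (the post's own example), is meant for Execute Anonymous, and does not treat permission set groups separately.

```apex
// Added example: list active users who bypass restriction rules on Opportunity
// because they hold "View All" on the object or "View All Data" org-wide.
// Assumption: the org is small enough to stay within Apex query row limits.

// Profiles and permission sets that grant "View All" on Opportunity.
// Profile grants appear here because each profile owns a permission set.
Set<Id> viewAllParents = new Set<Id>();
for (ObjectPermissions op : [
    SELECT ParentId
    FROM ObjectPermissions
    WHERE SobjectType = 'Opportunity' AND PermissionsViewAllRecords = true
]) {
    viewAllParents.add(op.ParentId);
}

// username -> every grant that lets that user see all Opportunity records
Map<String, Set<String>> bypass = new Map<String, Set<String>>();
for (PermissionSetAssignment psa : [
    SELECT Assignee.Username, PermissionSetId, PermissionSet.Name,
           PermissionSet.IsOwnedByProfile, PermissionSet.Profile.Name,
           PermissionSet.PermissionsViewAllData
    FROM PermissionSetAssignment
    WHERE Assignee.IsActive = true
      AND (PermissionSetId IN :viewAllParents
           OR PermissionSet.PermissionsViewAllData = true)
]) {
    String source = psa.PermissionSet.IsOwnedByProfile
        ? 'Profile "' + psa.PermissionSet.Profile.Name + '"'
        : 'Permission set "' + psa.PermissionSet.Name + '"';
    String reason = psa.PermissionSet.PermissionsViewAllData
        ? 'View All Data'
        : 'View All on Opportunity';

    String username = psa.Assignee.Username;
    if (!bypass.containsKey(username)) {
        bypass.put(username, new Set<String>());
    }
    bypass.get(username).add(source + ' grants ' + reason);
}

// One debug line per user, with all grants that create the exception.
for (String username : bypass.keySet()) {
    System.debug(username + ' => ' + String.join(new List<String>(bypass.get(username)), '; '));
}
System.debug(bypass.size() + ' active user(s) are not constrained by Opportunity restriction rules.');
```

Every user in the output sees all Opportunity records no matter which restriction rules are active.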
The takeaway
Unless you have a very specific design that accounts for restriction rules, choose the “least privilege” model.