Pages

Tuesday, January 6, 2015

Salesforce: Activity Visibility Controlled by Parent

In Salesforce, for Activity objects (Task & Event), there are only 2 options in the Organization-Wide Defaults sharing setting:
  • Controlled by Parent
  • Private



Private
Only the activity owner (labeled as Assigned To) and users above the activity owner in the role hierarchy can edit and delete the activity.
Users with Read access to the record to which the activity is associated (Name and Related To) can view and report on the activity.

Controlled by Parent
A user can perform an action (such as view, edit, transfer, and delete) on an activity based on whether he or she can perform that same action on the records associated with the activity.

For example, if a task is associated with the Acme account and John Smith contact, then a user can only edit that task if the user can edit the Acme account and the John Smith contact.

The "parent" of the activity record is:
  • Who Id (Name): Contact and Lead
  • What Id (Related To): Account, Opportunity, Case, Campaign, Asset, and custom objects with Allow Activities enabled.
Scenario: Task is assigned to other users and
  1. Both Name and Related To are blank --> unable to open the Task.
  2. The Name is linked to a Contact the user cannot access, and the Related To is blank --> unable to open the Task.
  3. The Name is blank, and the Related To is linked to an Opportunity that user cannot access  --> unable to open the Task.
  4. The Name is linked to a Contact the user can access, and the Related To is blank --> able to open the Task.
  5. The Name is blank, and the Related To is linked to an Opportunity that user can access  --> able to open the Task.
  6. The Name is linked to a Contact the user is unable to access, and the Related To is linked to an Opportunity where user can access  --> unable to open the Task.
  7. The Name is linked to a Contact the user can access, and the Related To is linked to an Opportunity where user cannot access  --> unable to open the Task.
  8. The Name is linked to a Contact the user can access, and the Related To is linked to an Opportunity where user can access  --> able to open the Task.
In summary, check this table:


The same applied for permission to edit the Task; the user needs to have edit access on both records or one of them if Name/Related To is blank.


To edit a task, the user needs to have Edit Tasks permission defined in the Profile or Permission Sets and to edit an event, the user needs to have Edit Events permission defined in the Profile or Permission Sets. Both permissions are located under General User Permissions in the profile, or this permission can also be assigned to specific users using the Permission Set.

When a user creates a task/event, regardless of the parent of the task/event owner, the default task/event will be assigned to the current user, not based on the parent record owner.

When the user is assigned to a task/event, the user is able to access and edit the task/event (the user needs to have Edit Tasks/Edit Events permission to edit the task/event), regardless of the OWD sharing setting for Activity, and even user does not have access to the parent record of that Activity record. This edit access will include users in the higher role hierarchy of the assigned user.

Tasks or Events are special objects; there is no object permission in the profile, so you will not see permission settings of Read, Create, Edit, Delete, View All, and Modify All. Although Task and Event Tab, Record Type and Page Layout Assignment exist in the profile setup.

Permissions related to View an activity:
  • Be assigned to the activity, or
  • Be above the user assigned to the activity in the role hierarchy or
  • Have at least read access to the record to which the activity is associated or
  • Have the “View All” object-level permission in the related record or
  • Have the “View All Data” permission

Create an activity:
  • Have the “Edit Tasks” and “Edit Events” permissions, AND
  • Have at least read access to a record if associating the activity with another record

Edit or Delete an activity:
  • Have the “Edit Tasks” and “Edit Events” permissions, AND
  • Be assigned to the activity, or
  • Be above the user assigned to the activity in the role hierarchy or
  • Have the “Modify All” object-level permission in the related record or
  • Have the “Modify All Data” permission

View, add and edit events on other users’ calendars:
  • Have the “Edit Tasks” and “Edit Events” permissions to create and edit activities AND
  • Have access to the user’s calendar, which depends on your organization-wide calendar sharing defaults and how the user has set up individual calendar sharing.

Note:
Events marked as private via the Private checkbox are accessible only by the user assigned to the event. Other users cannot see the event details when viewing that user’s calendar. 
However, users with the “View All Data” or “Modify All Data” permission can see private event details in reports and searches or when viewing other users’ calendars.


Tip:
The user who is assigned to an activity in the Assigned To field is often referred to as the “activity owner”.



Reference:


2 comments:

  1. How can this be enabled for community users reports. I have provided the read access for all fields in actvity custom fields, tasks, events in a community profile but still when the user tries to run a report he faces insufficient prevelges.
    @Johan Yu
    Can you kindly let me know how to make a customer user run reports on Activity object with a custom report type?

    ReplyDelete
    Replies
    1. I am not working with community users, but have you check this https://help.salesforce.com/articleView?id=sf.networks_enable_report_options.htm&type=5

      Delete