More than 5 years ago, we wrote about the Sharing button URL, which opens the Sharing Detail page where you can check sharing details and access. This is useful for troubleshooting why a user is able to view or edit a record.
The Sharing Detail page shows every User, Public Group, Role, and Role and Internal Subordinates entry, together with its access level. In this blog I am using Opportunity as the sample; Opportunity visibility in my org is Private.
https://johantest.my.salesforce.com/p/share/OppSharingDetail?parentId=0062H0000123456QAN
We can get the same result from SOQL:
SELECT Id, OpportunityAccessLevel, RowCause, UserOrGroupId FROM OpportunityShare WHERE OpportunityId = '0062H0000123456QAN' ORDER BY UserOrGroupId
Let us compare each row on the Sharing Detail page with the matching row in the SOQL result:
- Sharing Detail #1 = SOQL row #7, reason = Account Sharing, which in SOQL = Implicit Child [in Account Sharing Rules, to Role]
- Sharing Detail #2 = SOQL row #6, reason = Opportunity Sharing Rule, which in SOQL = Rule [in Opportunity Sharing Rules, to Role and Internal Subordinates]
- Sharing Detail #3 = SOQL row #5, reason = Account Sharing, which in SOQL = Implicit Child [in Account Sharing Rules, to Role and Internal Subordinates]
- Sharing Detail #4 = SOQL row #4, reason = Opportunity Sharing Rule, which in SOQL = Rule [in Opportunity Sharing Rules, to Public Group]
- Sharing Detail #5 = SOQL row #1, reason = Account Sharing, which in SOQL = Implicit Child [User is Account Owner]
- Sharing Detail #6 = SOQL row #2, reason = Owner, which in SOQL = Owner [User is Opportunity Owner]
- Sharing Detail #7 = SOQL row #3, reason = Opportunity Team with Split, which in SOQL = Team [User in Opportunity Split]
- Sharing Detail #8 = SOQL row #8, reason = Account Sharing, which in SOQL = Implicit Child [in Account Sharing Rules, to Public Group]
Access level comparison:
- In Sharing Detail, Full Access = All in SOQL
- In Sharing Detail, Read/Write = Edit in SOQL
- In Sharing Detail, Read Only = Read in SOQL
Access level definitions, copied from the Sharing Detail page:
- Full Access - User can view, edit, delete, and transfer the record. User can also extend sharing access to other users.
- Read/Write - User can view and edit the record, and add associated records, notes, and attachments to it.
- Read Only - User can view the record, and add associated records to it. They cannot edit the record or add notes or attachments.
- Private - User cannot access the record in any way.
Summary:
- The Sharing Detail page only shows User, Public Group, Role, and Role and Internal Subordinates entries. It does not show users higher in the role hierarchy than another user, users higher in the role hierarchy than a shared role, or users higher in the role hierarchy than a user in a Public Group. Click the Expand List button to see each user, their access level, and the reason they have it.
- A query on OpportunityShare shows the same thing as the Sharing Detail page, so you can't depend on OpportunityShare alone to determine all users that have access to a record.
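The gap described in the summary, as an added example that is not part of the original post: a simplified Python model that expands OpportunityShare-style rows through a role hierarchy and lists the users whose access no share row shows. All user, role and group names and the share rows are constructed, and the model assumes users higher in the role hierarchy inherit the same access level as the users and roles below them.

```python
RANK = {"Read": 1, "Edit": 2, "All": 3}  # OpportunityAccessLevel values
# Constructed org (hypothetical users, roles and public group, not from the post).
ROLE_PARENT = {"CEO": None, "VP Sales": "CEO", "Sales Rep": "VP Sales", "Support": "CEO"}
USER_ROLE = {"alice": "CEO", "bob": "VP Sales", "carol": "Sales Rep",
             "dave": "Sales Rep", "erin": "Support"}
GROUP_MEMBERS = {"Deal Desk": ["erin"]}
# Constructed share rows: (grantee kind, grantee, access level, RowCause).
SHARES = [("User", "carol", "All", "Owner"), ("Role", "Sales Rep", "Read", "Rule"),
          ("Group", "Deal Desk", "Edit", "Rule")]

def roles_above(role):
    """Return every ancestor of `role` in the role hierarchy."""
    found = set()
    while (role := ROLE_PARENT[role]) is not None:
        found.add(role)
    return found

def users_in(roles):
    return {user for user, role in USER_ROLE.items() if role in roles}

def resolve(kind, name):
    """Return (users the row names directly, roles to climb the hierarchy from)."""
    if kind == "User":
        return {name}, {USER_ROLE[name]}
    if kind == "Group":
        members = set(GROUP_MEMBERS[name])
        return members, {USER_ROLE[m] for m in members}
    if kind == "Role":
        return users_in({name}), {name}
    if kind == "RoleAndSubordinates":
        below = {r for r in ROLE_PARENT if name in roles_above(r)}
        return users_in(below | {name}), {name}
    raise ValueError(f"unknown grantee kind: {kind}")

def effective_access(shares):
    """Map each user to (best access level, reason), adding inherited access."""
    best = {}
    for kind, name, level, cause in shares:
        direct, start_roles = resolve(kind, name)
        above = set().union(*(roles_above(r) for r in start_roles))
        for user in direct | users_in(above):
            reason = cause if user in direct else "role hierarchy"
            if user not in best or RANK[level] > RANK[best[user][0]]:
                best[user] = (level, reason)
    return best

def hidden_users(shares):
    """Users with access that no share row resolves to directly."""
    direct = set().union(*(resolve(k, n)[0] for k, n, _, _ in shares))
    return set(effective_access(shares)) - direct
```

Here `hidden_users(SHARES)` returns the two managers above the opportunity owner, who hold access even though no share row names them.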