This simple example shows how access to certain data can be controlled by a group and sharing rules.
Let us assume we have a sales team as shown in Figure: Example Sales Team 1. The Sales Manager is the supervisor for Person 1 and Person 2, who are members of the group “Team A”.
Let us also assume we would like to have the following rules for Leads implemented:
Person 1 and Person 2 have the permission to create Leads that are owned by Person 1 or Person 2 or both.
If a Lead is owned by a single Person, the other Person will have no access privileges to this Lead.
The Sales Manager has all access privileges to all Leads.
In order to implement these rules, we have to implement the following setup:
At Default Organization Sharing Access we set the Global Access Privileges for “Leads” to Private.
This prevents users from accessing other users' Leads.
Create one common profile for Person 1, Person 2 and the Sales Manager: We need only one profile, called “Sales”, that should include all CRUD privileges for Leads.
Create two roles:
We need one role for the Sales Manager and one subordinated role for Person 1 and 2. Both roles are based on the “Sales” profile. Since the role of the Sales Manager is superior to the role of Person 1 and 2, the Sales Manager has all CRUD privileges.
Create one group of users:
This group is called “Team A” with the members Person 1 and Person 2. Now, if Person 1 or Person 2 creates a Lead, they can assign the owner of this Lead. If “Team A” is assigned as the owner of the Lead, Person 1, Person 2 and the Sales Manager can access the Lead. When the ownership is changed to any one member in the group (Person 1 or Person 2), then only that member and the Sales Manager can access the Lead.
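The resulting access decisions can be checked with a small model of the setup above. This is an added example, not code from the product: the role names "Sales Manager Role" and "Sales Person Role" and all function names are assumptions, and the "Sales" profile (CRUD on Leads) is taken as granted for all three users.

```python
from dataclasses import dataclass

# Role hierarchy: role -> superior role (None for the top role).
# Role names are hypothetical; the page only says there are two roles.
ROLE_PARENT = {"Sales Manager Role": None, "Sales Person Role": "Sales Manager Role"}
USER_ROLE = {
    "Sales Manager": "Sales Manager Role",
    "Person 1": "Sales Person Role",
    "Person 2": "Sales Person Role",
}
GROUPS = {"Team A": {"Person 1", "Person 2"}}
# Organization-wide default for Leads, as set in the first step.
LEADS_DEFAULT = "Private"


@dataclass(frozen=True)
class Lead:
    name: str
    owner: str  # a user name or a group name


def is_superior(role, other):
    """True if `role` sits above `other` in the role hierarchy."""
    parent = ROLE_PARENT.get(other)
    while parent is not None:
        if parent == role:
            return True
        parent = ROLE_PARENT.get(parent)
    return False


def owners_of(lead):
    """Expand a group owner into its members; a user owner is itself."""
    return GROUPS.get(lead.owner, {lead.owner})


def can_access(user, lead):
    if LEADS_DEFAULT != "Private":
        return True  # in this model, a non-Private default skips ownership checks
    owners = owners_of(lead)
    if user in owners:
        return True
    # A user in a superior role can access records owned by subordinates.
    return any(is_superior(USER_ROLE[user], USER_ROLE[o]) for o in owners)


def access_matrix(lead):
    """Map every user to whether they can access `lead`."""
    return {u: can_access(u, lead) for u in USER_ROLE}
```

Calling `access_matrix(Lead("Lead A", "Team A"))` and then the same with owner `"Person 1"` reproduces the two ownership cases described in the last step.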