Security and sharing play a major role in an Organization. Information should be shared among the users without violating the security concerns. All the users in an organization need not access all the information, a user needs to access the information which is relevant to him. This can be achieved through Roles, Profiles, Permission sets, Organization-wide sharing defaults and sharing rules. In this article, we are going to see how a ‘Role’ can be used to provide access to different users.
Roles in Salesforce:
Role represents the hierarchical model of an organization. It’ll not give any permissions to users. It tells who has to report to whom. The same role can be given to multiple users and they may or may not have the same permissions. A Role can be assigned to the user at any point of time.
Below is the default Role hierarchy provided by Salesforce:
In the above figure, the Executive staff is at the top of the hierarchy. They can view/edit/delete the data which is owned by their subordinates. They can’t view/edit/delete the data which is owned by the users who are at the same level.
Example: CEO can View/edit/delete the data owned by Fortune 1000 Director, Fortune 1000 Rep, Mid-Market Director, Mid-Market Rep, Soho Sales Director and Soho Rep. CEO can’t access the data owned by President, CFO, VP and Sales who are on the same level of the hierarchy.
If the default role hierarchy fulfills your business requirement, that can be used in your organization. Salesforce has a privilege to create a custom role hierarchy according to your business requirement.
Steps to Create a Role Hierarchy in Salesforce:
1. Navigate to Setup -> Administer -> Manage Users -> Roles. Above Role hierarchy screen will be shown
2. Click on ‘Set Up Roles’ Button. You’ll be navigated to below page
3. In the above screen, the ‘tree view’ of role hierarchy is shown. Here, I’ve given the organization name as ‘Veon’. So, ‘Veon’ is showing at the top of the hierarchy.
Changing Organization Name-
4. Organization name can be changed by navigating to setup -> Administer -> Company Profile -> Company Information. Below screen will be shown:
5. Click on the ‘Edit’ button and change the ‘Organization Name’. That will be shown on the top of the hierarchy.
Deleting Role Hierarchy-
6. If you want to change the role hierarchy, delete the existing hierarchy and create your custom hierarchy. You can delete a role by clicking on ‘Del’ link which is existing adjacent to Role.
7. Now, I want to create a new role hierarchy. So, I’m deleting the existing role hierarchy. While deleting the hierarchy, you’ve to delete the Subordinate roles first and then main roles.
8. When you try to delete the parent role before deleting child role it’ll throw an error. Here, I’m trying to delete ‘Recruiting Manager’ without deleting the ‘Recruiter’. Below screen is shown:
9. First, delete the child roles then delete parent roles. Below is the screenshot after deleting all the roles:
10. Now, we can create our own role hierarchy. I want to create the below hierarchy:
11. First, create ‘Managing Director’ by clicking on ‘Add Role’ link which is shown in the above role hierarchy screen. On clicking ‘Add Role’, you’ll be navigated to below screen:
12. Provide the details and click on Save. I’m providing the details as shown below:
- Label: Managing Director
- Role Name: Managing Director
- This role reports to: As Managing Director is top in the role hierarchy, reporting to will be organization name
- Role Name as displayed on Reports: I’m giving it as ‘MD’After clicking on save, you’ll be navigated to below page13. After clicking on save, you’ll be navigated to below page
13. After clicking on save, you’ll be navigated to below page:
14. Now navigate to role hierarchy, below screen will be shown:
15. In the above screen, you can see the ‘Managing Director’ role which is created. Now, I’m creating a child role for ‘Managing Director’. To create this, click on the ‘Add Role’ link which is under ‘Managing Director’ Role shown above. You’ll be navigated to below screen:
17. After creating all the roles, the resulting role hierarchy is given below:
18. From the above role hierarchy
a. When reporting is considered
- General Manager will be reporting to the Managing Director
- Marketing Head and Sales Head will be reporting to the General Manager
- IT Admin will be reporting to the Managing Director
b. When record access is considered
- General Manager and Admin are at the same level of hierarchy but, they will not have same permissions
- Marketing Head and Sales Head are at the same level of hierarchy but, they will not have same permissions
- Managing Director can access the records which are accessed by all the users.
- General Manager can access the records which are accessed by Marketing Head and Sales Head but not IT Admin
In this way, we’re providing security to data by restricting/providing access to particular users. We can also disable access to records through ‘Role Hierarchy’ by disabling ‘Grant Access Using Hierarchies’ checkbox in Organization-wide Sharing Defaults.
Steps to disable Grant Access Using Hierarchies:
- Navigate to Setup -> Administer -> Security Controls -> Sharing settings. You’ll be navigated to below screen
- You can see the list of standard and custom objects created in your organization. You can disable hierarchies only for custom objects. So, disable ‘Grant Access Using Hierarchies’ checkbox for the custom objects for which you don’t need to assign permission using role hierarchy.
- Here, I have a custom object ‘Candidate’. I’m disabling the checkbox for this custom object. Click on ‘Save’ button.
Roles control record-level access through role hierarchy and sharing rules. We can also control access in Salesforce using Profiles, Permission sets, Organization-wide sharing defaults and sharing rules.
Now, you can easily integrate your Salesforce CRM with the back-end ERP system to automate the business process!