Home

    Widget Restriction Rules

    Thursday, June 8, 2023In: Archive Print


    Applicable to ​CustomListRelatedRecordArchivedWidget ​​and ​CustomSingleRelatedRecordArchivedWidget ​​

    Use Widget Restriction Rules to control end-user visibility in Salesforce of specific archived records according to Object Sharing tables.

    Add the Permission Set:​​ Archive Override Widget Restriction Rule​​ t​o allow a user to override the restriction rule and view all records via the widget.

    What are Salesforce Object Sharing Tables?

    Salesforce Object Sharing Tables, often called "Sharing Tables," are like control centers that determine who gets to see what information in Salesforce. Imagine them as digital guardians that store details about who can access specific records and how they can share them. For example, if an organization keeps certain things private, like Cases, there's a special table just for Cases that manages who can see or interact with them. It's a way for Salesforce to keep things organized and secure.

    ​Each object with access set to private, will have its own Object Sharing table.

    Let's say you have two types of data in Salesforce: Cases and Orders. Now, if the access level for Cases is set to private, it means that only authorized individuals or groups should be able to see and interact with specific Case records. In this scenario, Salesforce would create a dedicated Object Sharing table specifically for Cases. This table would manage and control the access permissions for each Case record, ensuring that only the authorized users or groups specified in the sharing rows of the Object Sharing table can view or modify the information related to individual Cases. On the other hand, if the access level for Orders is set to public read/write, it means that information about Orders can be viewed and modified by a broader audience. In this case, Salesforce may not need a dedicated Object Sharing table for Orders since the data is more openly accessible.

    In order to view and check your sharing settings, go to Setup ⇾ Sharing Settings

     


     

    Only when the object sharing settings is set to Private, can you enforce the record-level-access on the archived records on the widget.

    ​​Widget Restriction Rules in Archive​​

    Similar to ​Salesforce Restriction Rules​​, in Archive, we allow logged-in users access to records that were shared according to sharing rules. Once a restriction is applied, the widget user will no longer be able to view certain records.

    The object share is always archived together with the object being archived (master details relationship). When a case has a caseshare assigned, and the widget restriction rule has been defined, that user will not be able to view related records, unless they have been specifically granted access through the caseshare or the permission set ​Archive Override Widget Restriction Rule​​. In this case, we ignore the sharing rule permissions.

    • Archive customers are able to define up to 5 objects to apply sharing restrictions to. 

    Enabling the Sharing Setting Feature

    Prerequisites

    1.  Make sure the Exclude Share Objects feature, under the Archive Settings > Archive tab is disabled.  

    2. Make sure the object required has been archived!

    Getting Started

    1. From Archive Settings > Widget Restriction Rules tab, click the ​+Add Objec​​t to open the dropdown list of available objects to apply the restriction to.

    2. Select the object for sharing. For example, ‘Case Share’
      ​You can click ​Delete​​ to change your selection. This feature is only available prior to clicking Submit.

    3. You can add up to 5 objects. Click ​Add Object.​​

    4. Click Submit All.

    5. The following message appears:

    6. Click Confirm
      Access recalculation and indexing are internal Archive processes.
      A banner appears at the start of the process, and disappears once the new request has been processed.       This may take up to 30 minutes.
       

    The table shows the following:​

    • ​Object Name
    • API Name
    • Created Date
    • End Date
    • Status - Activated, Deactivated, Processing or Not Submitted
    ​Once an object sharing table is selected and submitted, you will not be able to choose another to share. A banner displays that you have reached the limit of Widget Restriction Rules. If you require more than one object, please reach out to your CSM.

    Known Issues & Limitations

    The sharing rule supports the following cases:

    • Shared with a user
    • Shared with a group
    • Shared with a group of a group (up to 5 levels)
    • Changing the Salesforce setting from Public to Private will not impact the widget sharing rule retroactively. Only newly archived cases will have the sharing rule applied. Records archived as public will remain public and be accessible to all users.

    Q&A

    Q: As a system admin, I’ve restricted widget access for end users to Case Share, and now I cannot see the archived Cases on the widget, only through the Archive Search. Is this a bug?

    A: No. The new restriction ONLY respects the object sharing table. The Archive Search does not respect Sharing Rules.

     

    Q: As a system admin, how can I view archived records after I restricted access on Case Share?

    A: All archived records are viewable through the Archive Search. Alternatively, you can assign the Override Widget Sharing Rule permission set.

     

    Q: How do I add Sharing settings to Case children when their Organization-Wide Sharing Defaults (OWD) is Controlled by Parent?

    A: You cannot add sharing to the Case children. To enforce record-level-access on this object, you must restrict access to the Case object via the Sharing Settings. This will ensure that access to child records is according to their parent Case.

     

    Q: If I added sharing settings on the Case, and then I added new sharing rules, would this impact the archived record access?

    A: The answer is very much case dependent. 
    Adding a subgroup to an existing group means the new group will inherit all sharing rules, including access rights to archived records retroactively.
    Creating a new group will not grant retroactive access to records already archived.

     

    Q: I'm a newly onboarded customer. I just added a new policy on Case and I want to restrict access to Case. Why don't I see the Case in the sharing object list?

    A: There are three possible reasons:

    1. The object Sharing Settings is not set to private and did not have sharing rules in Salesforce before archiving the Case record.
    2. You excluded sharing on the Archive Operation Settings.
    3. The Case policy did not run yet.
      To check this, go to the Activities tab.

     

    Q: Can I remove the limitation on the sharing settings?

    A: Yes. This change is immediate, no recalculation is required.

     

    Q: Can I change the object sharing table?

    A: Once an object has been submitted, it is not possible at the moment to change.

     

    Q: I just saved the Case share in the Search Settings. Does the recalculation impact my current OWD for Case sharing?

    A: No. the recalculation is an Archive internal process and has no impact on the OWD of Salesforce.

     

    Q: I added the Widget Search to the Case Share. I’ve just unarchived a Case. What would be the sharing rules of the newly created Salesforce record?

    A: When a record is unarchived, it is added to Salesforce with its current sharing configuration. In this example, a new Case will be added to Salesforce according to the current Salesforce OWD Sharing Settings of the Case object.


     

    « Previous ArticleNext Article »


    Contact Us

    Sometimes you just want to talk to someone. Our customer support team is available by phone:
    Request a Technical Support Call Back

    Submit a Ticket