Introducing the New and Improved Match My Email Dashboard. View announcement.

Introducing Automated Calendar Sync.
Schedule a demo today.

MME Technology Blog

Salesforce Sharing Rules: How to Safely Expand Data Access

If you get a headache whenever someone mentions sharing data within your organization, it’s time to meet Salesforce sharing rules. The tools we’re about to show you play a crucial role in making data collaboration and sharing easier – without compromising integrity or security.

Whether you are a Salesforce administrator or a business owner looking to optimize data security, our guide will show you what sharing rules are, how they work, and how to set them up in various scenarios.

Ready? Let’s dive in!

Understanding Salesforce Sharing Architecture

At the core of Salesforce’s data-sharing architecture are sharing rules, which define the level of access users have to records. They’re based on a set of criteria and determine who can view, edit, and delete specific records.

Of course, as with many other things in Salesforce, you can customize the Sharing Rules to match how your organization works with data.

The architecture consists of 3 essential parts:

  • Objects and records – Each object represents a specific data type with its own fields and related records. Records are then individual instances of an object. For example, a lead record represents a single lead in your organization, while the lead object represents all leads.
  • Roles and role hierarchyRoles define which types of users can access specific records. The hierarchy is pyramid-like; higher-level roles inherit the permissions of lower-level roles.
  • Sharing rules – If you need to give someone access beyond what they’d typically get in their hierarchy spot, you’ll use Salesforce sharing rules. For example, you can use sharing rules to grant access to records to specific users, public groups, or roles.


What Is the Difference Between Permissions and Sharing Rules in Salesforce?

Permission Sets extend or modify user permissions beyond their profiles, granting additional access to functionalities and system-wide permissions within Salesforce. For example, a sales representative with a standard profile might receive a permission set granting access to a specific custom object used in a particular sales process.

Sharing rules, on the other hand, control record-level access. They extend access to specific records based on predefined conditions. Rules are record-specific, so you’ll typically use them when giving access based on roles, locations, or similar conditions.

For example, a sharing rule might grant users access to a specific group of records based on their department or geographical location.

Now, let’s talk about creating your first Salesforce sharing rule!

Three Essential Types of Salesforce Sharing Rules (and How to Create Them)

Depending on your use case and sharing scenario, you’ll use a different type of Salesforce sharing rule. For example, you might use one of the following three Salesforce sharing rule types:

1. Ownership-Based Salesforce Sharing Rules

You’ll use ownership-based sharing rules when you want to grant access to records based on their ownership. They’re ideal when you want to share records with a specific group of users, regardless of their position in the role hierarchy.

How to Create Ownership-Based Rules in Salesforce

To create an ownership-based sharing rule, follow these steps:

  1. From the Salesforce Setup menu, navigate to the Sharing Settings.
  2. Click on “Sharing Rules” and then “New Sharing Rule.”
  3. Select the object for which you want to create the rule.
  4. Define the criteria for the rule, such as the owner’s role or specific users.
  5. Choose the users, roles, or public groups to share the records with.
  6. Activate the rule.


How to Create Ownership-Based Rules in Salesforce

2. Criteria-Based Sharing Rules

Criteria-based rules allow you to share records based on specific criteria. They look at field values or record types to determine if they can share a record.

Typically, you’ll use criteria-based sharing rules to share records with specific users or groups based on the values of certain fields. For example, you can share all opportunities with a value greater than $10,000 with a particular sales team.

How to Create Criteria-Based Rules

If you want to share records based on their values, follow the next steps:

  1. Go to the Sharing Settings in the Salesforce Setup menu.
  2. Click on “Sharing Rules” and “New Sharing Rule.”
  3. Select the object for the rule.
  4. Define the criteria using the rule criteria builder.
  5. Choose the users, roles, or public groups to share the records with.
  6. Activate the rule.


3. Manual sharing

You can use the manual sharing rule if you want to manually share specific records with other users or groups that wouldn’t usually have access to them.

However, don’t think of manual sharing as a scalable practice. If you often have to share specific records with certain types of users, it’s wiser to implement a new role or group.

How to Manually Share a Record

Here’s the part where we genuinely mean this isn’t a scalable practice. You won’t be creating a rule but an exception to it by directly sharing the record:

  1. Open the record you want to share.
  2. Click on the “Sharing” button.
  3. Select the users or groups to share the record with.
  4. Choose the level of access for each user or group.
  5. Save the changes.


How Do Sharing Rules Work?

The process takes place in three steps.

When a user requests access to a specific record or data within Salesforce, the system first determines whether the user has the necessary permissions. This evaluation starts with the org’s default settings.

For example, your org could set default access to private, which means only the record owner and users with higher roles (or specific permissions) can access the records.

Then, Salesforce looks at the hierarchy of sharing rules. If the org-wide defaults don’t allow the user to access the record, Salesforce will look at specific Sharing Rules to determine if it can grant additional access.

If there are criteria-based rules, Salesforce evaluates them next. For example, a criteria-based rule might allow a certain group access to records related to a particular product line.

After the criteria-based rules, Salesforce will evaluate owner-based rules.

Finally, if the process meets all the conditions, Salesforce grants access. It figures out which rule(s) apply and then gives access at the record level. This means some may only view records, while others may modify them.

Best Practices

Neither Rome nor good sharing rule policies were built in a day. However, there are some golden rules you can follow to help you get started properly:

1. Define Data Sharing Policies

Who has access to what? Before creating your first rule, align your organization and compliance requirements.

As your organization grows, tracking who gets access will become more complex, so establish guidelines on who should have access to certain types of data.

Add updates to your data-sharing policy, so everyone stays in the loop whenever you make a change.

2. Use Roles and Role Hierarchy to Help You

You don’t have to set up a sharing rule every single time. Instead, try using roles and the role hierarchy to define the access levels for different users.

3. Put a Cap on the Number of Sharing Rules

The more rules you have, the harder it is to maintain them. Keep them to a minimum by only using them when you can’t use the role hierarchy. And if you often have to create the same rules, look into setting up new roles.

Salesforce Sharing Rules Best Practice

4. Regularly Audit and Update Your Rules

As your organization changes, so should your rules. Remove any outdated or unnecessary rules, and update existing rules. Keep an eye on your access logs, too, to ensure that no one unauthorized is trying to access your organization.

And while we’re at it, map your rules – especially if their number grows. Otherwise, you could see issues with rule conflicts.

5. Test Any Changes

Since rules affect the visibility of your data (and, consequently, its security), make sure you test your rule changes in a sandbox or a testing environment before pushing them to production. This will ensure everything is performing as expected and there aren’t any unforeseen issues.

At the end of the day, you’ll also create your internal best practices. Jot them down and create an internal guidebook that administrators and org owners can reference (and update) for years to come!

Sharing Is Caring, or Is It?

As we talk about the flashier features of Salesforce, we often forget about the basic administrative work that makes everyone’s lives easier. Salesforce sharing rules are another powerful feature that works in the background to help your team access the right information at the right time.

In this guide, we’ve covered the basics of Salesforce sharing rules, as well as the best practices you should keep in mind during implementation. So remember to pick the right type, and then regularly review them to make your sharing rules stand the test of time!

Try Match My Email today.