Setup: Record Access

Org-Wide Defaults

Set all objects to Private/Controlled by Parent and share records with other users only via Sharing Rules. This is the base record access for each user: they can see only the records they own and the records shared with them via sharing rules.

 


 

Roles Setup

The role setup directly influences the organization's Sharing Settings (OWD and Sharing Rules) to establish the access levels for users.

Public Groups

A public group for all the staff of a certain school. You must create a public group for each school/university/department in a multi-school setting. This will also be used in the sharing rules setup for school-wide record access (e.g. read access to all students in a specific school).

Integration Users: A public group for all the staff of a certain school. You must create a public group for each school/university/department in a multi-school setting. This will also be used in the sharing rules setup for school-wide record access (e.g. read access to all students in a specific school).

Assignments

  • Add all users to their designated School public group.

    • Currently, there is a public group named School: ACC Marsden Park in the CEM org; all users under ACC Marsden Park should be added to it.

  • All Year Advisor and Stage Coordinator users must be added to their respective grade-level public groups.

    • E.g. John Doe is the designated Stage Coordinator for the Grade Levels 2 and 3 students of ACC Marsden Park; thus, John Doe should be added to the [ACC] Grade Level: Year 2 and [ACC] Grade Level: Year 3 public groups. Please note that in a multi-school setting, all grade-level public groups should be created for each school. The reason is that these public groups are used in sharing rules that satisfy this requirement: the stage coordinator/year advisor should not have access (or visibility) to the confidential records of other schools.
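
An added example (not part of the original setup guide or the org's own tooling): a Python check over exported public-group memberships that flags grade-level groups created without a school prefix and grade-level members who are missing from their school's public group. The membership rows are constructed, and the prefix-to-school mapping (ACC to School: ACC Marsden Park) is an assumption based on the group names above.

```python
import re
from collections import defaultdict

# Constructed sample rows (public group name, username), shaped like an
# export of public group memberships. Not real org data.
MEMBERSHIPS = [
    ("School: ACC Marsden Park", "john.doe"),
    ("[ACC] Grade Level: Year 2", "john.doe"),
    ("[ACC] Grade Level: Year 3", "john.doe"),
    ("[ACC] Grade Level: Year 3", "jane.roe"),  # missing from the school group
    ("Grade Level: Year 4", "sam.lee"),         # group has no school prefix
    ("School: ACC Marsden Park", "sam.lee"),
]

# Assumption: each grade-level prefix maps to exactly one school public group.
SCHOOL_GROUP_BY_PREFIX = {"ACC": "School: ACC Marsden Park"}

# "[ACC] Grade Level: Year 2" -> prefix "ACC"; the prefix is optional so that
# unscoped groups are still recognised and can be reported.
GRADE_GROUP = re.compile(r"^(?:\[(?P<prefix>[^\]]+)\]\s*)?Grade Level: .+$")


def audit(memberships, school_group_by_prefix):
    """Return (finding, group, user) tuples for assignment problems."""
    members = defaultdict(set)
    for group, user in memberships:
        members[group].add(user)

    findings = []
    for group in sorted(members):
        match = GRADE_GROUP.match(group)
        if not match:
            continue  # not a grade-level group
        prefix = match.group("prefix")
        if prefix is None:
            # A sharing rule on this group would apply across every school.
            findings.append(("UNSCOPED_GROUP", group, None))
            continue
        school_group = school_group_by_prefix.get(prefix)
        if school_group is None:
            findings.append(("UNKNOWN_SCHOOL", group, None))
            continue
        # Every grade-level member must also be in the school's public group.
        for user in sorted(members[group] - members.get(school_group, set())):
            findings.append(("NOT_IN_SCHOOL_GROUP", group, user))
    return findings


if __name__ == "__main__":
    for finding in audit(MEMBERSHIPS, SCHOOL_GROUP_BY_PREFIX):
        print(finding)
```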

Automations Required for Sharing Rules Multi-School Setup

Not available yet

Sharing Rules

Account Sharing Rules

Session Sharing Rules

Asset Sharing Rules

Cohort Sharing Rules

Day Attendance Sharing Rules

Kiosk Definition and Kiosk Reason Sharing Rules

PosiEd Log Sharing Rules

Wellbeing Involvement Sharing Rules

Confidential Document Sharing Rules

Design Considerations

  • Formula fields are not supported in sharing rules.

  • We can't use relationship fields in sharing rules.

  • We can't use multi-select picklists in sharing rules.

  • We can create a boolean formula field on an object that checks whether the logged-in user has the same school code as the viewed record, but we don't have a way to get the updated value of that formula field when it is recalculated.

    • We could create a trigger on the same object to copy the value of the formula field to a text field, but the record would need to fire an update action, which is not ideal.

  • We can only reference one public group in a single sharing rule.

    • This means we can't set both grade-level and school public groups in one setup. If we create a sharing rule for a specific grade level, all users in that public group can see records only in their designated level, regardless of school. If we create a sharing rule for a specific school, all users can see data related to that school, regardless of grade level. We can only choose one or the other, not both.

  • We can only set a maximum of two restriction rules per object.

    • This means that it is not recommended to utilize this feature if a certain organization has more than 2 schools.

  • Restriction rules only support one criterion and only support limited field data types.