Overview
In Salesforce, record access is determined by a multi-layered sharing model. Understanding the different sharing mechanisms is crucial for designing secure and scalable applications.
Main Sharing Mechanisms
Salesforce provides several ways to share records. The primary mechanisms are:
1. Organization-Wide Defaults (OWD)
OWD sets the baseline access for all records in an object (Public Read/Write, Public Read Only, Private, etc.). It’s the starting point for access control.
2. Role Hierarchy
Role Hierarchy opens up record access from users higher in the role tree to users below them. It supports the idea of managers having access to their subordinates’ records.
3. Sharing Rules
Sharing Rules open access based on record owner or criteria. They can share with roles, public groups, or territories. They grant either Read Only or Read/Write access.
4. Manual Sharing
Users can manually share individual records with other users, roles, or groups when they have the appropriate permissions.
5. Apex Managed Sharing (Apex Sharing)
When declarative sharing rules aren’t sufficient, Apex sharing allows developers to programmatically create share records using the *Share objects (e.g., CustomObject__Share) and set access via Apex.
6. Teams (Account Teams, Opportunity Teams, Case Teams)
Teams provide a simple way to grant record access to a group of users and assign roles and access levels per record.
7. Manual and Automatic Sharing via Owner
Owner-based sharing (e.g., transfer) and automated processes (Flows/Process Builder) can change ownership or create shares indirectly.
8. Permission Sets & Profiles
Although not sharing mechanisms per se, Permission Sets and Profiles control object- and field-level access which determines if a user can see or edit records once sharing grants access.
9. Territory Management
Territory-based sharing provides complex sharing based on account territories and is useful for sales organizations with geographic or product-based territories.
Summary
In short, Salesforce sharing is achieved via Organization-Wide Defaults, Role Hierarchy, Sharing Rules, Manual Sharing, Apex (managed) sharing, Teams, ownership changes/automation, Permission Sets/Profiles (for object/field access), and Territory Management.
Combined, these mechanisms allow fine-grained control of record visibility in Salesforce.
Category: Interview Questions
Tags: Salesforce, Sharing, OWD, Role Hierarchy, Sharing Rules, Apex Sharing, Permission Sets