-
Notifications
You must be signed in to change notification settings - Fork 28
29) Object, Field & Record Security
MAKE SURE TO READ THIS THOROUGHLY! THERE ARE MANY VERY INCORRECT DEFINITIONS OF IMPLICIT SHARING EVERYWHERE! EVEN IN SF DOCS!
Implicit sharing is sharing that is managed/done automatically behind the scenes in Salesforce. This sharing is ONLY relevant to the following standard objects: Account, Case, Contact, and Opportunity. There are many other sources that say this is true for orders, contracts, and other objects, but implicit sharing DOES NOT come into play with any of those objects.
There are two types of implicit sharing, parent implicit sharing and child implicit sharing. We will go over both below.
Parent Implicit Sharing - Parent implicit sharing is when a user gains access to an account parent record (this ONLY applies to accounts) because of their access to an accounts child records. You gain parent implicit shares in the following ways for the following objects ONLY!
- Contract - If you are the OWNER of a contract record, you will gain access to the parent account.
- Order - If you are the OWNER of an order record, you will gain access to the parent account.
- Contact - If you have at least read access to a Contact you will gain access to its parent account.
- Opportunity - If you have at least read access to an Opportunity you will gain access to its parent account.
- Case - If you have at least read access to a Case you will gain access to its parent account.
That's it, there is nothing else for parent implicit sharing, I have tested this very thoroughly with all standard Sales & Service Cloud objects.
Child Implicit Sharing - Child implicit sharing is when a user gains access to child records (Contacts, Contracts, Opportunities, and Case records ONLY!) of a parent Account record (this ONLY applies to accounts) when they are the OWNER of the account record. Unlike parent implicit sharing you actually have the ability to turn most of the object access on and off via your roles. With the exception of Contracts (which have the weirdest sharing model of all), in each role you can determine how you want child implicit shares distributed on an object by object basis for Cases, Opps, and Contacts (this is also the case in territory hierarchies).
DISCLAIMER: I believe a ton of people also include orders and assets in child implicit sharing because by default in sharing settings, orders and assets are set to "controlled by parent" which means record access for those objects are controlled by the Account record they are tied to. However this is completely different from child implicit sharing.