Ask Search:
Sumit JainSumit Jain 

Role Fields

Today, I came across this page while setting up roles. I googled and got this link https://help.salesforce.com/htviewhelpdoc?err=1&id=user_role_fields.htm&siteLang=en_US

Can somebody help me to understand why do we need to specify these setting while defining roles?? As per my understanding, role is used todefine hierachy that a manger can see his reportees data. Why do we need to define this settings explicilty? Any business scenario to understand the same?

 User-added image
Best Answer chosen by Sumit Jain
Geoffrey FlynnGeoffrey Flynn
Hi Sumit,

I totally get that this part can be a little confusing.  I find myself reading the lines carefullly each time as well.  These questions really are about what happens if they own the account > should they be able to see/edit any associated Cases/Contacts/Opportunities or not.  If no, then you are fine with your question from above.

These settings are very much about their specific accounts, they do not roll up or down the hierarchy.

This is a good one to bookmark as well because looking the other way doesn't always hold true.  The owner of a contact can always see the account
https://help.salesforce.com/HTViewHelpDoc?id=sharing_across_objects.htm&language=en_US

If in doubt, go for a good walkthrough using log-in as other users and the sharing button in a sandbox.  You can get a lot more comfort spending 30min doing this with some test data than you can trying to wrap your head around an explanation from someone else.  Honestly it's true, I've been there.
Here are a few screenshots I'm stealing instead of creating my own from Shell Black, who has some great information there
http://www.shellblack.com/administration/testing/
He doesn't go into the Expand List, but that's a way you can see all users who have access as well.  Beside each one will by a "Why?" button that will tell you the reason they have access.  The Share Button is a great resource for figuring that stuff out, and sometimes the only way to make sense of it in a short amount of time.

Hope that helps!

All Answers

Brian RoffBrian Roff
Sure, one example - you might have a user at the top of the Role Hierarchy, and they would be able to see all records in the hierarchy beneath them, but would not be able to edit the records.  This might be for an Executive user who just needs the access reporting visibility, dashbaords, etc.
Sumit JainSumit Jain
I agree.. But why do you need to specify contacts, opp and case access specifically for a role??
Geoffrey FlynnGeoffrey Flynn
Hi Sumit,
These are objects that are in lookup relationships to Accounts, but are treated much more like a master-detail relationship and that's why specific questions around security are being asked here.  They are closely tied to Accounts and Salesforce applies some custom logic to them (such as supporting some roll-ups) even though they are in lookup relationships.
I hope that helps explain it a little bit.
Sumit JainSumit Jain

Hi Geoffrey,

I am sorry but still not able to understand. My Contact and Account OWD is say Private.

But I can see my Junior's data because of role hierachy.  That means I can see all account and Contacts for which my junior is owner.

Now , If my junior owns an account for which contact is owned by other user, he won't be able to see it as Contact OWD is Private.  RIght? That mean juinor can see and acount but not associated contact(because Contact OWD is private and owned by someone else).

Now, I being his manager will not be able to see that contact..right? Then why do we need to explicitly meniton some radio button settings while defining a role.
 

  • Contact Access Users in this role cannot access contacts that they do not own that are associated with accounts that they do own
  • Users in this role can view all contacts associated with accounts that they own, regardless of who owns the contacts
  • Users in this role can edit all contacts associated with accounts that they own, regardless of who owns the contacts
  • Opportunity Access Users in this role cannot access opportunities that they do not own that are associated with accounts that they do own
  • Users in this role can view all opportunities associated with accounts that they own, regardless of who owns the opportunities
  • Users in this role can edit all opportunities associated with accounts that they own, regardless of who owns the opportunities
  • Case Access Users in this role cannot access cases that they do not own that are associated with accounts that they do own
  • Users in this role can view all cases associated with accounts that they own, regardless of who owns the cases
  • Users in this role can edit all cases associated with accounts that they own, regardless of who owns the cases
     
Geoffrey FlynnGeoffrey Flynn
Hi Sumit,

I totally get that this part can be a little confusing.  I find myself reading the lines carefullly each time as well.  These questions really are about what happens if they own the account > should they be able to see/edit any associated Cases/Contacts/Opportunities or not.  If no, then you are fine with your question from above.

These settings are very much about their specific accounts, they do not roll up or down the hierarchy.

This is a good one to bookmark as well because looking the other way doesn't always hold true.  The owner of a contact can always see the account
https://help.salesforce.com/HTViewHelpDoc?id=sharing_across_objects.htm&language=en_US

If in doubt, go for a good walkthrough using log-in as other users and the sharing button in a sandbox.  You can get a lot more comfort spending 30min doing this with some test data than you can trying to wrap your head around an explanation from someone else.  Honestly it's true, I've been there.
Here are a few screenshots I'm stealing instead of creating my own from Shell Black, who has some great information there
http://www.shellblack.com/administration/testing/
He doesn't go into the Expand List, but that's a way you can see all users who have access as well.  Beside each one will by a "Why?" button that will tell you the reason they have access.  The Share Button is a great resource for figuring that stuff out, and sometimes the only way to make sense of it in a short amount of time.

Hope that helps!
This was selected as the best answer
Sumit JainSumit Jain
Thanks for detailed response Geoffrey. I will try this.