Create Object Sharing Rules
After you've created an access group, you can create rules to give the group access to an object's records.
You can find more information on how to create and manage access groups in this topic: How do I create and manage access groups?
When you create a custom object sharing rule, you specify:
- The type of access
- The conditions for the access
- The groups to share the rule with
You then publish the rule to the Sales assignment engine so that the group members get assigned to the group.
Finally, the Perform Object Sharing Rule Assignment Processing scheduled process runs to enable access to the object for the salespeople (sales resources) in the access group.
Here are the steps to create an object sharing rule.
- Navigate to the Access Groups page in the Sales and Service Access Management work area.
- On the Access Groups page, select the Object Rules tab.
The Object Sharing Rules page is displayed. From here, you can change an existing rule or create a new rule to share with an access group.
- To make sure that any custom attributes or objects created in Application Composer that
are enabled for access groups are available on this UI, select the
Synchronize Custom Objects and Fields option from the Actions
menu.
For more information about using custom objects with access groups, see the topic Enable Access Group Security for Custom Objects.
- Select the object you want to provide access to from the Object list. For example, select Opportunity.
- To create a new object sharing rule, click Create in the Rules
section.
The Rules section lists any object sharing rules you previously created for this object and any predefined rules for the object.
- On the Create Rule page, enter a Name.
- Deselect the Active checkbox if you don't want to activate the rule just yet.
- In the Conditions section, specify the rule conditions.Note: The maximum number of conditions you can define for an object sharing rule is 500.
- You can optionally select a predefined condition to use with the custom conditions
you're about to create from the Predefined Condition list.
The Predefined Condition list is only available if this functionality is enabled in your environment. For more information on this functionality, see Combine Predefined and Custom Conditions in a Rule.
- Each condition in a rule is evaluated individually. You can choose whether the rule action applies if any custom conditions are met or only if all custom conditions are met by choosing the appropriate value from the Rule Applies If list.
- Enter your first condition. For example, to give group members read access to all
opportunities associated with their home country, create a rule with values similar to
these:
Field Value Object
Opportunity
Attribute
Country (this is a custom field for the Opportunity object)
Operator
Equals
Value
UK
Keep in these points in mind when selecting the attributes to use in rule conditions:
- By default, not all of the standard attributes for an object are displayed on the Access Groups Create Rule or Edit Rule UIs. To make additional standard attributes available for an object, follow the steps in Enable Additional Attributes for Access Group Object Sharing Rules.
- Support for the object attributes listed in this table has been discontinued, so
don't use them.
Object Attribute Resource
Phone
Activity
Account, Asset, Business Plan, Campaign, MDF Claim, Deal Registration, Delegated By, MDF Request, Lead, Opportunity, Enrollment Number, Partner, Program, Sales Objective, Service Request
Asset
Asset Owner, Product
Account
Type, Favorite, Organization Type
Opportunity
Business Unit, Win Probability (RcmndWinProb)
Deals
Account Country
Product
Eligible for Service
- Use custom attributes that are based on database columns only. For example, don't use attributes that are based on a formula field that's not based a database column.
- Enter any other conditions required to specify the access level you want the rule to provide.
- Next, in the Action: Assign Access Group section, click Select and Add from the Actions menu.
- Search for and select the access group you want to share this rule with, click
Apply and then click Done.
You can assign a rule to multiple access groups.
- In the Access Level field, select the type of object access you
want to give group members. The levels and meanings are listed in this table:
Access Level
Access Provided
Read
Read-only access
If you're creating a rule for the Sales Quota Plan object, only the Read access level is supported.
Update
Read and update access
Delete
Read and delete access
Full
Read, update, and delete access
- Select Save and Close from the Actions menu.
- On the Object Sharing Rules page, publish the new rule to ensure that your changes get included in the assignment processing. Select Publish Rules from the Actions menu.
- When the status indicator shows that the publish process has completed, click
Close.
The Perform Object Sharing Rule Assignment Processing process automatically runs at scheduled intervals to assign the object rules for the relevant access groups. You can also run the process manually at any time. For information, see the topic Run the Perform Object Sharing Rule Assignment Process.
Tip: You might want to run the object sharing rule assignment process for an individual record (for each type of object) and confirm the access group rule processing is correct before processing all records for an object.
Publish Rules
After creating a custom rule, you must publish the rule to make it available for assignment processing. You can publish a new rule in two ways:
- If you create the rule from the main Object Sharing Rules page (object context), you publish the rule by selecting the Publish Rules option from the Actions menu on the Object Sharing Rules page. Publishing rules this way published rules for all objects (global rule publish).
- If you create the rule in the context of a group when editing the group, then you can publish the individual rule by selecting Save and Publish from the Actions menu on the Create Object Sharing Rule page (single rule publish).