Data Privileges and Access Groups

If you started using the sales application for the first time in release 22B or later, your database resources are secured through system access groups and rules and not through data security policies.

When you assign job roles to users, users are automatically assigned membership of an associated system access group, and receive all the data permissions provided by the access group object sharing rules. The access group object sharing rules specify the access groups that can perform a specified action on an object, and the conditions under which the action can be carried out.

An access group rule is composed of:

  • The business object that's being accessed, for example, opportunity.
  • An access level that defines the actions permitted on the data. For example, Read or Update access.
  • The condition that must be met for access to the business object to be granted. For example, sales managers can view opportunities provided they're in the management chain or are members of the sales team for the opportunity.
  • The name of the access group the object sharing rule is assigned to. A rule can be assigned to many access groups.
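
The following is an added conceptual model of how the four rule components combine into an access decision; it is not code from the sales application or its documentation. All class, function, group and user names are hypothetical, the one-group-per-role mapping and the owner-only Update rule are constructed for illustration, and access with no matching rule is assumed to be denied.

```python
from dataclasses import dataclass
from typing import Callable

# Conceptual model only: every name here is hypothetical, not a product API.
@dataclass(frozen=True)
class User:
    name: str
    job_roles: frozenset

@dataclass(frozen=True)
class Opportunity:
    owner: str
    sales_team: frozenset
    management_chain: frozenset   # managers above the owner

@dataclass(frozen=True)
class Rule:
    business_object: str          # object being accessed
    access_level: str             # "Read" or "Update"
    condition: Callable           # (user, record) -> bool
    access_groups: frozenset      # a rule can be assigned to many groups

# Assumed mapping: each job role has one associated system access group.
ROLE_TO_GROUP = {"Sales Manager": "Sales Manager Group",
                 "Sales Representative": "Sales Representative Group"}

def in_chain_or_team(user, opp):
    return user.name in opp.management_chain or user.name in opp.sales_team

RULES = [  # constructed sample rules
    Rule("opportunity", "Read", in_chain_or_team, frozenset({"Sales Manager Group"})),
    Rule("opportunity", "Update", lambda u, o: u.name == o.owner,
         frozenset({"Sales Manager Group", "Sales Representative Group"})),
]

def groups_for(user):
    """Group membership follows automatically from the assigned job roles."""
    return {ROLE_TO_GROUP[r] for r in user.job_roles if r in ROLE_TO_GROUP}

def is_allowed(user, business_object, access_level, record, rules=RULES):
    """Allow only if a rule matches object, level, one of the user's groups, and its condition."""
    groups = groups_for(user)
    return any(r.business_object == business_object and r.access_level == access_level
               and bool(groups & r.access_groups) and r.condition(user, record)
               for r in rules)

# Constructed sample data
opp = Opportunity("rep_ann", frozenset({"rep_ann", "mgr_bob"}), frozenset({"mgr_cat"}))
mgr_bob = User("mgr_bob", frozenset({"Sales Manager"}))        # on the sales team
mgr_dan = User("mgr_dan", frozenset({"Sales Manager"}))        # unrelated manager
rep_ann = User("rep_ann", frozenset({"Sales Representative"})) # owner
```

In this model `rep_ann` can update the opportunity but cannot read it, because access levels are matched exactly and no Read rule is assigned to her group; when auditing real rules, check each access level separately rather than assuming one implies another.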

For additional information about access groups, see the Access Groups chapter and the Configure and Troubleshoot Data Security chapter in this guide.