1. Securing Sales and Fusion Service
  2. Create Custom Object Sharing Rules

Create Custom Object Sharing Rules

Once you have created an access group you can create rules to provide the group with access to an object's records.

To create a custom object sharing rule, you specify the type of object access to be provided, the conditions under which the access is provided, and the groups to share the rule with. You then publish the rule to Assignment Manager. Finally, the Perform Object Sharing Rule Assignment Processing task runs to enable the resources in the associated access group to have access to the object records.

This topic describes how to create object sharing rules from an object context. But you can also create a rule in the context of a group when editing the group. For additional information see the topic Create a Custom Access Group.

Here are the steps to create an object sharing rule.

  1. Navigate to the Access Groups page in the Sales and Service Access Management work area.

  2. On the Access Groups page, select the Object Rules tab.

    The Object Sharing Rules page is displayed. From here, you can modify an existing rule or create a new rule to share with an access group.

  3. To make sure that any custom attributes or objects created in Application Composer that are enabled for access groups are available on this UI, select the Synchronize Custom Objects and Fields option from the Actions menu.

    For more information about using custom objects with access groups, see the topic Enable Access Group Security for Custom Objects.

  4. Select the object you want to provide access to from the Object list. For example, select Opportunity.

    For a list of objects supported with access groups, see the topic Overview of Access Groups.

  5. To create a new object sharing rule, click Create in the Rules section.

    The Rules section lists any object sharing rules you previously created for this object and any predefined rules for the object.

  6. On the Create Rule page, enter a Name and Description for the new rule.

  7. New rules are set to Active by default. Deselect the Active check box if you don't want to activate the rule just yet.

  8. In the Conditions section, specify the rule conditions.

    Note: The maximum number of conditions you can define for an object sharing rule is 500.

  9. You can optionally select a predefined condition to use with the custom conditions you're about to create from the Predefined Condition list.

    The Predefined Condition list is only available if this functionality is enabled in your environment. For additional information on this functionality, see the topic Combine Predefined and Custom Conditions in a Rule.

  10. Each condition in a rule is evaluated individually. You can choose whether the rule action applies if any custom conditions are met or only if all custom conditions are met by choosing the appropriate value from the Rule Applies If list.

  11. Enter your first condition. For example, if you want to give group members read access to all opportunities associated with their home country, create a rule with values similar to these:

    Field

    Value

    Object

    Opportunity

    Attribute

    Country (this is a custom field for the Opportunity object)

    Operator

    Equals

    Value

    UK

    Here are some considerations to keep in mind when selecting the attributes to use in rule conditions.

    • By default, not all of the standard attributes for an object are displayed on the Access Groups Create Rule or Edit Rule UIs. To make additional standard attributes available for an object, follow the steps in the topic Enable Additional Attributes for Access Group Object Sharing Rules.

    • Support for the object attributes listed in this table will be discontinued in future releases. When creating conditions, it's a good idea to avoid using these attributes.

      Object

      Attribute

      Resource

      Phone

      Activity

      Account, Asset, Business Plan, Campaign, MDF Claim, Deal Registration, Delegated By, MDF Request, Lead, Opportunity, Enrollment Number, Partner, Program, Sales Objective, Service Request

      Asset

      Asset Owner, Product

      Account

      Type, Favorite, Organization Type

      Opportunity

      Business Unit, Win Probability (RcmndWinProb)

      Deals

      Account Country

      Product

      Eligible for Service

    • Use custom attributes that are based on database columns only. Avoid using custom attributes, such as attributes based on the Formula field, that aren't based on database columns. Support for attributes that aren't based on database columns will be deprecated in future releases.

  12. Enter any additional conditions required to specify the access level you want the rule to provide.

  13. Next, in the Action: Assign Access Group section, click Select and Add from the Actions menu.

  14. Search for and select the access group you want to share this rule with, then click Apply and then Done.

    You can assign a rule to multiple access groups.

  15. In the Access Level field, select the type of object access you want to give group members.

    Access Level

    Access Provided

    Read

    Read-only access

    If you're creating a rule for the Sales Quota Plan object, only the Read access level is supported.

    Update

    Read and update access

    Delete

    Read and delete access

    Full

    Read, update and delete access

  16. Select Save and Close from the Actions menu.

  17. On the Object Sharing Rules page, publish the new rule to ensure that your changes get included in the assignment processing by selecting Publish Rules from the Actions menu.

  18. When the status indicator shows the publish process has completed, click Close.

    The Perform Object Sharing Rule Assignment Processing process automatically runs at scheduled intervals to assign the object rules for the relevant access groups. You can also run the process manually at any time. For information, see the topic Run the Perform Object Sharing Rule Assignment Process.

    Tip: You might want to run the object sharing rule assignment process for an individual record (for each type of object) and confirm the access group rule processing is correct before processing all records for an object.

Rule Publishing

After creating a custom rule, you must publish the rule to make it available for assignment processing. You can publish a new rule in two ways:

  • If you create the rule from the main Object Sharing Rules page (object context), you publish the rule by selecting the Publish Rules option from the Actions menu on the Object Sharing Rules page. Publishing rules this way published rules for all objects (global rule publish).

  • If you create the rule in the context of a group when editing the group, then you can publish the individual rule by selecting Save and Publish from the Actions menu of the Create Object Sharing Rule page (single rule publish).

Related Topics