Create Custom Object Sharing Rules
Once you have created an access group you can create rules to provide the group with access to an object's records.
To create a custom object sharing rule, you specify the type of object access to be provided, the conditions under which the access is provided, and the groups to share the rule with. You then publish the rule to Assignment Manager. Finally, the Perform Object Sharing Rule Assignment Processing task runs to enable the resources in the associated access group to have access to the object records.
This topic describes how to create object sharing rules from an object context. But you can also create a rule in the context of a group when editing the group. For additional information see the topic Create a Custom Access Group.
Here are the steps to create an object sharing rule.
-
Navigate to the Access Groups page in the Sales and Service Access Management work area.
-
On the Access Groups page, select the Object Rules tab.
The Object Sharing Rules page is displayed. From here, you can modify an existing rule or create a new rule to share with an access group.
-
To make sure that any custom attributes or objects created in Application Composer that are enabled for access groups are available on this UI, select the Synchronize Custom Objects and Fields option from the Actions menu.
For more information about using custom objects with access groups, see the topic Enable Access Group Security for Custom Objects.
-
Select the object you want to provide access to from the Object list. For example, select Opportunity.
For a list of objects supported with access groups, see the topic Overview of Access Groups.
-
To create a new object sharing rule, click Create in the Rules section.
The Rules section lists any object sharing rules you previously created for this object and any predefined rules for the object.
-
On the Create Rule page, enter a Name and Description for the new rule.
-
New rules are set to Active by default. Deselect the Active check box if you don't want to activate the rule just yet.
-
In the Conditions section, specify the rule conditions.
Note: The maximum number of conditions you can define for an object sharing rule is 500. -
You can optionally select a predefined condition to use with the custom conditions you're about to create from the Predefined Condition list.
The Predefined Condition list is only available if this functionality is enabled in your environment. For additional information on this functionality, see the topic Combine Predefined and Custom Conditions in a Rule.
-
Each condition in a rule is evaluated individually. You can choose whether the rule action applies if any custom conditions are met or only if all custom conditions are met by choosing the appropriate value from the Rule Applies If list.
-
Enter your first condition. For example, if you want to give group members read access to all opportunities associated with their home country, create a rule with values similar to these:
Field
Value
Object
Opportunity
Attribute
Country (this is a custom field for the Opportunity object)
Operator
Equals
Value
UK
Here are some considerations to keep in mind when selecting the attributes to use in rule conditions.
-
By default, not all of the standard attributes for an object are displayed on the Access Groups Create Rule or Edit Rule UIs. To make additional standard attributes available for an object, follow the steps in the topic Enable Additional Attributes for Access Group Object Sharing Rules.
-
Support for the object attributes listed in this table will be discontinued in future releases. When creating conditions, it's a good idea to avoid using these attributes.
Object
Attribute
Resource
Phone
Activity
Account, Asset, Business Plan, Campaign, MDF Claim, Deal Registration, Delegated By, MDF Request, Lead, Opportunity, Enrollment Number, Partner, Program, Sales Objective, Service Request
Asset
Asset Owner, Product
Account
Type, Favorite, Organization Type
Opportunity
Business Unit, Win Probability (RcmndWinProb)
Deals
Account Country
Product
Eligible for Service
-
Use custom attributes that are based on database columns only. Avoid using custom attributes, such as attributes based on the Formula field, that aren't based on database columns. Support for attributes that aren't based on database columns will be deprecated in future releases.
-
-
Enter any additional conditions required to specify the access level you want the rule to provide.
-
Next, in the Action: Assign Access Group section, click Select and Add from the Actions menu.
-
Search for and select the access group you want to share this rule with, then click Apply and then Done.
You can assign a rule to multiple access groups.
-
In the Access Level field, select the type of object access you want to give group members.
Access Level
Access Provided
Read
Read-only access
If you're creating a rule for the Sales Quota Plan object, only the Read access level is supported.
Update
Read and update access
Delete
Read and delete access
Full
Read, update and delete access
-
Select Save and Close from the Actions menu.
-
On the Object Sharing Rules page, publish the new rule to ensure that your changes get included in the assignment processing by selecting Publish Rules from the Actions menu.
-
When the status indicator shows the publish process has completed, click Close.
The Perform Object Sharing Rule Assignment Processing process automatically runs at scheduled intervals to assign the object rules for the relevant access groups. You can also run the process manually at any time. For information, see the topic Run the Perform Object Sharing Rule Assignment Process.
Tip: You might want to run the object sharing rule assignment process for an individual record (for each type of object) and confirm the access group rule processing is correct before processing all records for an object.
Rule Publishing
After creating a custom rule, you must publish the rule to make it available for assignment processing. You can publish a new rule in two ways:
-
If you create the rule from the main Object Sharing Rules page (object context), you publish the rule by selecting the Publish Rules option from the Actions menu on the Object Sharing Rules page. Publishing rules this way published rules for all objects (global rule publish).
-
If you create the rule in the context of a group when editing the group, then you can publish the individual rule by selecting Save and Publish from the Actions menu of the Create Object Sharing Rule page (single rule publish).