I have created an integration profile CORE_AKTANA_DI through which data for objects will be loaded into my Salesforce instance through a third-party user. I have provided "View All" permission for all objects to that profile. However, since this is a global Salesforce org, hence, there is data for other countries as well in this instance. I want the user with the profile to see only data of France i.e with country "FR". In this case, my only choice is to: Remove the "View All" permission of the profile from all objects. Give the user a role such as "FR-Corp". Create sharing rules for all objects with "Private" OWD and share with this role. The problem is that since this is an integration profile, I cannot assign a role to the user with this profile. Also, it is not plausible to create sharing rules since there are a lot of objects with private OWD. Same problem occurs by assigning the user to a public group, i.e a lot of sharing rules need to be created. In this case, please suggest me the easiest possible options.

Reputation: 1

How to restrict a user to access for specific object records without role in Salesforce

I have created an integration profile CORE_AKTANA_DI through which data for objects will be loaded into my Salesforce instance through a third-party user. I have provided "View All" permission for all objects to that profile. However, since this is a global Salesforce org, hence, there is data for other countries as well in this instance.

I want the user with the profile to see only data of France i.e with country "FR". In this case, my only choice is to:

Remove the "View All" permission of the profile from all objects.
Give the user a role such as "FR-Corp".
Create sharing rules for all objects with "Private" OWD and share with this role.

The problem is that since this is an integration profile, I cannot assign a role to the user with this profile. Also, it is not plausible to create sharing rules since there are a lot of objects with private OWD.

Same problem occurs by assigning the user to a public group, i.e a lot of sharing rules need to be created.

In this case, please suggest me the easiest possible options.

Upvotes: 0

Answers (2)

Arnold Brown

Reputation: 11

I don't think what you say is correct: "The problem is that since this is an integration profile, I cannot assign a role to the user with this profile."
In my org we have a few integration connections. Each connection is anchored by a SF user license which has both Role and Profile. You should likely give the integration it's own user license and name the user something like "Integration (Fr)" Set the Roll up with appropriate hierarchy position, permissions and sharing rules and once you've done all the token resets needed set as API login only & password never expires. That should do it unless I'm missing something.

Upvotes: 0

Hleb

Reputation: 7391

Actually, how to solve your issue is dependent on business process you are trying to implement. There are few ways:

sharing by hierarchy: setting proper roles and checking 'grant access using hierarchy'
sharing rules: setting proper sharing rules, owner/criteria based
manual sharing: using button
sharing using apex: using share object of any corresponding object

I think, this document will be useful for you.

Upvotes: 0

How to restrict a user to access for specific object records without role in Salesforce

Answers (2)

Related Questions