Reputation: 51
Revoking edit access based on record's field
Background
I'm trying to prevent editing of a record based on one of it's fields having a non-blank value. I'd like to do it with permissions and sharing rules, but I'm not sure what the best way to set it up is. I'm trying to avoid triggers and adding extra fields if possible.
At my work, we're using an object to represent a Job being worked on in the field. A lot of different users need access to edit a Job in progress and so it's set with public read/write sharing rules. Once a job is completed though, it's processed by billing and has an Invoice # field filled in. Once that's set, only billing users should be able to edit the record.
What I've Tried
I first tried a validation rule that fires when Invoice # is filled and the user's profile is not the billing team. This worked initially, but caused triggers to fail when a billing user tried to edit afterwards allows the Invoice # to be set and saved, but triggers that fire afterwards then trip and fail on the validation rule.
Next and currently, I'm playing with sharing rules to accomplish this, which seems like the right path to go down. However, I also want to prevent editing of child records in a related list under the Job. It doesn't seem like I can use cross-object fields or any formula fields in a sharing rule, so I'm not sure if this is possible without using triggers.
What I Could Try
I know I can use sharing rules with a trigger to set a sort of Editable or Locked checkbox field on the record and children when the Invoice # field is set, but I really don't like the idea of that much overhead for something seemingly simple.
Question
What's the cleanest way to allow users to edit a record until a certain field is non-null, after which only a subset of users can edit? If possible, how can I extend that to child objects in a related list?
Upvotes: 1
Views: 496
Answers (1)
Reputation: 624
I would use an on before update trigger to accomplish this.
Something like this:
if (Trigger.isUpdate && trigger.isBefore && UserInfo.getUserRoleId() != billingRoleId) {
for (Job__c theJobRecord : Trigger.new) {
if (String.isNotBlank(theJobRecord.Invoice_Number__c)) {
theJobRecord.Name.addError('You do not have permissions to modify this record!');
}
}
}
If you want to do this inside a Validation rule check if the job record invoice number is blank or use the global merge field $UserRole and check the name of the role else fail the Validation rule.
Upvotes: 1
Related Questions
- Prevent record from being edited after a certain condition
- Set field to readonly if currently edited user has higher privelage
- Drupal 7 - Hide certain form fields of a content edit form depending on the content data
- Is there a way to protect a field so that only certain users can edit?
- Conditional read only on a field
- Salesforce - Setting field to Read Only
- How to give edit permission only to specific fields in node edit in?
- Is there a way to make a field only editable by a trigger?
- Limit editing to specific fields in a SharePoint 2010 list
- Restricting Users to only edit their data in SharePoint edit form