Restriction Rules
Restriction Rules (Winter 22) open up a capability that was never really possible with how access in Salesforce worked: revoking access once it has already been granted. Salesforce’s sharing model (known in the ecosystem as the onion) grants record access from the ground up, starting with OWDs and going up through to Manual Sharing. But there was no way to revoke access to a record; the only option was not to grant access to the record at all, and instead grant access to other users through a more precise method.
When To Use Restriction Rules
With the help of a restriction rule, we can prevent access to records of a certain type that contain sensitive data. In a Parent-Child relationship, it is sometimes difficult to control access with the existing options, because access to the parent record gives you access to the child record. This is where restriction rules come into the picture and provide more control. Access to contracts, tasks, and events can be difficult to make Private using organization-wide defaults; creating restriction rules is the best way to configure this visibility.
Creating a Restriction Rule
- Go into the Setup menu.
- Go to the Object Manager.
- Search for the Object you want the Restriction Rule on.
- In the sidebar on the left, click ‘Restriction Rules’ and then Create Rule.
- Enter the Rule Name & Description; the full name will populate automatically.
- If you want it to take effect straight away, ensure it is Active.
- In the User Criteria section, specify who this rule will apply to.
- Under Record Criteria, define what records the specified User is allowed to see.
- Save the rule.
Considerations
- You can create a total of 2 restriction rules per object in Enterprise & Developer editions, and up to 5 in Performance & Unlimited editions.
- Create only one restriction rule per object per user. In other words, for a given object, only one restriction rule at most can have the User Criteria field evaluate to true for a given user.
- Creating a restriction rule for an object doesn’t automatically restrict access to its child objects.
- After restriction rules are applied, users can still see records that they previously had access to in the search box shortcuts list or in the Recently Viewed list view.
- Restriction rules don’t apply to users with the View All, Modify All, View All Data, and Modify All Data permissions.
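The considerations above can be checked before a rule set is relied on for sensitive records. The following is an added example, not Salesforce code or part of the original article: it audits a constructed set of rules and users for the per-object limit, for more than one rule matching the same user, and for targeted users whose permissions exempt them. The dictionary layout, the rule and user names, and the equality-only User Criteria are assumptions made for illustration.

```python
from collections import defaultdict

# Limits and exempt permissions as listed under Considerations.
RULE_LIMIT = {"Enterprise": 2, "Developer": 2, "Performance": 5, "Unlimited": 5}
EXEMPT_PERMS = {"View All", "Modify All", "View All Data", "Modify All Data"}

# Constructed sample data (assumption: criteria are simple field == value pairs).
RULES = [
    {"name": "Sales_Contracts", "object": "Contract", "active": True,
     "user_criteria": {"Department": "Sales"}},
    {"name": "Contractor_Contracts", "object": "Contract", "active": True,
     "user_criteria": {"Profile": "Contractor"}},
    {"name": "Legal_Contracts", "object": "Contract", "active": False,
     "user_criteria": {"Department": "Legal"}},
]
USERS = [
    {"name": "alice", "fields": {"Department": "Sales", "Profile": "Employee"}, "perms": set()},
    {"name": "bob", "fields": {"Department": "Sales", "Profile": "Contractor"}, "perms": set()},
    {"name": "carol", "fields": {"Department": "Sales", "Profile": "Employee"},
     "perms": {"View All Data"}},
]

def matches(rule, user):
    """True when every User Criteria field equals the user's value."""
    return all(user["fields"].get(f) == v for f, v in rule["user_criteria"].items())

def audit(rules, users, edition):
    """Return findings as tuples tagged limit, overlap, or bypass."""
    findings = []
    by_object = defaultdict(list)
    for rule in rules:
        by_object[rule["object"]].append(rule)
    for obj, obj_rules in sorted(by_object.items()):
        if len(obj_rules) > RULE_LIMIT[edition]:
            findings.append(("limit", obj, len(obj_rules)))
        active = [r for r in obj_rules if r["active"]]  # assumption: inactive rules are not enforced
        for user in users:
            hits = tuple(r["name"] for r in active if matches(r, user))
            if len(hits) > 1:  # more than one rule is true for this user
                findings.append(("overlap", obj, user["name"], hits))
            exempt = tuple(sorted(EXEMPT_PERMS & user["perms"]))
            if hits and exempt:  # rule targets the user but does not apply
                findings.append(("bypass", obj, user["name"], exempt))
    return findings

if __name__ == "__main__":
    for finding in audit(RULES, USERS, "Enterprise"):
        print(finding)
```

The bypass finding is the one to review first: a user who matches the User Criteria but holds one of the exempt permissions still sees every record the rule was meant to hide.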