Widget Restriction Rules


    Applicable to ​CustomListRelatedRecordArchivedWidget ​​and ​CustomSingleRelatedRecordArchivedWidget ​​

    Use Widget Restriction Rules to control end-user visibility in Salesforce of specific archived records according to Object Sharing tables.

    Introduction

    When a restriction rule is applied, it dictates how records are shared or restricted within Salesforce. This information is stored and managed in the object sharing tables, which track the access levels and permissions granted to users or groups for specific records or objects based on the rules defined by the organization.
    Only when the object sharing setting is set to private, can you enforce the record-level access to the archived records on the widget.

    In order to view and check your sharing settings, go to Setup ⇾ Sharing Settings

     


     

    ​​Widget Restriction Rules in Archive​​

    Similar to ​Salesforce Restriction Rules​​, in Archive, we allow logged-in users access to records that were shared via sharing rules. Archive utilizes the existing sharing rule definitions as restriction rules, as set up in Salesforce.  In other words, access to archived records is restricted only according to the sharing rules that have been specifically applied to those records. This means that once the feature is enabled, the records available on the widget are only those that respect the sharing rules.

    Archive Permission Set: Archive Override Widget Restriction Rule enables system admins to have access to all archived records, ignoring the widget restriction rules. We recommend adding this permission set to admins only.

    You can restrict access for up to 5 sharing objects.

    Own Archive supports the following sharing rule types, when the record owner is public group:

    • Queues
    • Roles - available from package #21 June 2024

     

    Enabling the Sharing Setting Feature

     Make sure the Exclude Share Objects feature, under the Archive Settings > Archive tab is disabled.  

     

    Getting Started

    If the object isn’t visible in the list, make sure the object required has been archived. 

    1. From Archive Settings > Widget Restriction Rules tab, click the ​+Add Objec​​t to open the dropdown list of available objects to apply the restriction to.

    2. Select the object for sharing. For example, ‘Case Share’
      ​You can click ​Delete​​ to change your selection. This feature is only available prior to clicking Submit All.

    3. You can add up to 5 objects. Click ​Add Object.​​

    4. Click Submit All.

    5. The following message appears:

    6. Click Confirm
      A banner appears at the start of the process, and disappears once the new request has been processed. 
      This may take up to 30 minutes.
       

    The table shows the following:​

    • Object Name - the object label name
    • API Name - the object API name
    • Start Date - the first recalculation of access restriction
    • End Date - when the recalculation was completed, and the restriction applied
    • Status - available statuses list, and when each is available
    ​Once an object sharing table is selected and submitted, you will not be able to choose another to share. A banner displays that you have reached the limit of Widget Restriction Rules.

     

    Q&A

    Q: As a system admin, I’ve restricted widget access for end users to Case Share, and now I cannot see the archived Cases on the widget, only through the Archive Search. Is this a bug?

    A: No. The new restriction ONLY respects the object sharing table. The Archive Search does not respect Sharing Rules.

     

    Q: As a system admin, how can I view archived records after I restricted access on Case Share?

    A: All archived records are viewable through the Archive Search. Alternatively, you can assign the Override Widget Sharing Rule permission set.

     

    Q: How do I add Sharing settings to Case children when their Organization-Wide Sharing Defaults (OWD) is Controlled by Parent?

    A: You cannot add sharing to the Case children. To enforce record-level-access on this object, you must restrict access to the Case object via the Sharing Settings. This will ensure that access to child records is according to their parent Case.

     

    Q: If I added sharing settings on the Case, and then I added new sharing rules, would this impact the archived record access?

    A: The answer is very much case dependent. 
    Adding a subgroup to an existing group means the new group will inherit all sharing rules, including access rights to archived records retroactively.
    Creating a new group will not grant retroactive access to records already archived.

     

    Q: I'm a newly onboarded customer. I just added a new policy on Case and I want to restrict access to Case. Why don't I see the Case in the sharing object list?

    A: There are three possible reasons:

    1. The object Sharing Settings is not set to private and did not have sharing rules in Salesforce before archiving the Case record.
    2. You excluded sharing on the Archive Operation Settings.
    3. The Case policy did not run yet.
      To check this, go to the Activities tab.

     

    Q: Can I remove the limitation on the sharing settings?

    A: Yes. This change is immediate, no recalculation is required.

     

    Q: Can I change the object sharing table?

    A: Once an object has been submitted, it is not possible at the moment to change.

     

    Q: I just saved the Case share in the Search Settings. Does the recalculation impact my current OWD for Case sharing?

    A: No. the recalculation is an Archive internal process and has no impact on the OWD of Salesforce.

     

    Q: I added the Widget Search to the Case Share. I’ve just unarchived a Case. What would be the sharing rules of the newly created Salesforce record?

    A: When a record is unarchived, it is added to Salesforce with its current sharing configuration. In this example, a new Case will be added to Salesforce according to the current Salesforce OWD Sharing Settings of the Case object.

     

    Q: When the queue is record owner, will all users in the queue have access to that record?
    A: Yes

     

    Q: I have assigned a widget rule, but end users are still able to access records they should not. What should I check?
    A: Verify the following:

    • The user does not have the Archive Override Widget Sharing Rules permission set assigned.
    • The user does not have the Archive Admin permission set assigned.
    • The user is not assigned a System Admin Profile or any other custom administrative profile.
    « Previous ArticleNext Article »