Loading
Salesforce Enforces New Security Requirements in Summer 2026Read More
Sales Basics
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Row-Level Security Example Based on Manager Hierarchy

            You are here:

            1. Salesforce Help
            2. Docs
            3. Sales Basics

            Row-Level Security Example Based on Manager Hierarchy

            This policy is used in organizations where reporting structure is managed by a specific Manager field rather than the formal Role Hierarchy. This also relies on the specialized hierarchy operator.

            Required Editions

            Available in: Lightning Experience
            Available with Sales with Agentforce 1 Edition or Agentforce for Sales Add-On license in: Enterprise, Performance, and Unlimited Editions.
            User Permissions Needed
            To manage Data 360: Data Cloud Architect
            To manage Sales Insights: Sales Insights User permission set
            To use Sales Insights: Tableau Next Limited Consumer
            1. Determine which data DMO to include in the policy. This policy is best applied to fact DMOs that link records to an Owner or User ID.
              DMO ssot__Opportunity__dlm
              Description The fact object containing sales opportunity details.
              Controlling Field (User Context) ssot__OwnerId__c (Record Owner ID)
            2. Add Policy/Author
              1. In the Data Governance Policy Builder, create a new Data Policy.
              2. Select the DMO: ssot__Opportunity__dlm.
              3. Set the Action to Allow.
              4. Define the Condition using the hierarchy operator against the Manager structure: Set the rule to Allow access to the opportunity record IF the logged-in user is hierarchically above the opportunity owner (based on the Manager field of the user profile).
                • Condition Logic (Conceptual Implementation): ssot__Opportunity__dlm.ssot__OwnerId__c Is Hierarchically Above In $User.ManagerId
              Interpretation: Deny access to the opportunity record if the logged-in user isn’t the manager (or a manager above) of the opportunity owner.
             
            Loading
            Salesforce Help | Article