Loading
Salesforce Enforces New Security Requirements in Summer 2026Read More
Sales Basics
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Row-Level Security Example Based on Record Ownership

            You are here:

            1. Salesforce Help
            2. Docs
            3. Sales Basics

            Row-Level Security Example Based on Record Ownership

            This policy ensures that a user can only view records (for example, Opportunities) that they’re explicitly designated as the owner of.

            Required Editions

            Available in: Lightning Experience
            Available with Sales with Agentforce 1 Edition or Agentforce for Sales Add-On license in: Enterprise, Performance, and Unlimited Editions.
            User Permissions Needed
            To manage Data 360: Data Cloud Architect
            To manage Sales Insights: Sales Insights User permission set
            To use Sales Insights: Tableau Next Limited Consumer
            1. Determine which data DMO to include in the policy. The policy must be applied to the primary DMO that contains the record ownership field.
              DMO ssot__Opportunity__dlm
              Description The fact object containing sales opportunity details.
              Controlling Field (User Context) ssot__OwnerId__c (Record Owner ID)
            2. Add Policy/Author
              1. Navigate to the Data Governance tab in Data 360 and create a new Data Policy.
              2. Set the Resource to Record.
              3. Select the DMO: ssot__Opportunity__dlm.
              4. Set the Action to Deny. (This is often used to override the default "Allow All" policy, or you can use an Allow policy that explicitly filters.).
              5. Define the Condition (the security predicate):
              6. Set the rule to Deny access to the record unless the record's owner matches the logged-in user.
                • Condition Logic: ssot__Opportunity__dlm.ssot__OwnerId__c Is Not Equal To $User.ssot__Id__c
              Interpretation: If the opportunity owner ID doesn’t match the logged-in user's ID, deny access to that record.
             
            Loading
            Salesforce Help | Article