CRM Analytics apps have sharing behavior similar to core Report and Dashboard folder sharing, as documented here.
When users have been granted the "View All Data" or "Modify All Data" system permissions, they have access to apps that transcends the standard sharing functionality.
Note: "View All Data" and "Modify All Data" are potent permissions and should be granted sparingly and only to users who absolutely need that level of access. Details are available here.
The behavior of CRM Analytics App visibility depends on whether a user holds standard permissions, View All Data, or Modify All Data. The following sections describe each scenario and provide examples.
Standard Permissions
When a user has the appropriate permission set license and the associated Use/Access permissions, they can view apps tied to the same license that they have been granted at least Viewer access to (directly by User, or indirectly by Role or Group).
Example: A user with the following configuration has access only to Sales Analytics templates and apps:
View All Data
If a user is granted "View All Data," they are able to see all apps tied to their assigned permission set license(s).
Continuing the example above: The user has visibility on all Sales Analytics generated apps, regardless of whether those apps have been explicitly shared with that user. The user can see the contents (datasets, lenses, dashboards) of those apps.
Modify All Data
If a user is granted "Modify All Data," they are able to see and edit all apps tied to their assigned permission set license(s).
Continuing the example above: The user has visibility and edit capabilities on all Sales Analytics generated apps, regardless of sharing settings. The user can see and edit the contents (datasets, lenses, dashboards) of those apps.
Security Predicate
It is important to note that the Security Predicate applies row-level security at a query level for datasets. The View All Data and Modify All Data permissions do not override the Security Predicate. Users with these permissions cannot view records that are restricted by the Security Predicate.
Continuing the example above: If the user's visibility is restricted by the Security Predicate on datasets, they only have visibility on related lenses and dashboards for the records permitted by the Security Predicate.
Important Caution: With "Modify All Data," the user is able to edit datasets to modify or remove the Security Predicate. Review your security configuration carefully before granting this permission. More details on implementing row-level security can be found here.
CRM Analytics App Sharing
Security Predicate Considerations
Row-Level Security Implementation Guide for CRM Analytics
View All Data and Modify All Data Permissions
000382181

We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.