Give Opportunity edit access to few people without changing Role Hierarchy or granting superior Profile access

Scenario: Lets assume that the Customer has a dedicated Team (Tiger Team) who would like to manage specific type of Opportunities on a need basis with the caveat that,

• Role of the Users Part of Tiger Team should not be changed to provide Edit access to Opportunities
• Profile of the Users part of Tiger Team should not be changed with a superior profile that grants access like Modify All Records to Opportunity Object.

To address the request, we would follow a 3 step process as below:

Step 1: Identifying Tiger Team Member

Let's have a flag created in User object which identifies User as a Tiger team Member: 
a. Go to Setup > Object Manager > User object > Fields & Relationships
b. Create a New Checkbox type field named, Tiger Team Member? as per screenshot

Step 2: Sharing Rule to grant Opportunity access to Tiger Team



a. We start with creating a Public Group named Tiger Group
b. Go to Setup > Public Groups
c. Per the screenshot, ensure that the checkbox Grant access using Hierarchies is not enabled

• This can help server in situations where Tiger team contains members in different part of Role Hierarchy.

d. Then, create a criteria-based Sharing Rule that's opens up Opportunity access of specific type (Ex: Existing Customer - Upgrade  to Tiger Group)



Step 3: Flow automation for Tiger Team management
We then initiate a Flow automation which would automatically add or remove Tiger Team members from Public Group when Tiger Team Member? field in a User record is checked or un-checked. This ensures proper data visibility to the users and avoids any accidental exposure of data.

Here is how to create: Flow to auto add Tiger Team Member



Overall design of above Flow involves: 

1. Query from User object where Tiger Team Member? is set to true.
2. Have an asynchronous path which will query the Public Group named Tiger Group using Get Record element  and adds the Tiger Team member to the Public Group using Create Record element.

• Asynchronous Flow is designed here to prevent “Mixed DML error on set up Objects” error message.

And to add Group Member, Group ID and User or Group ID variables are passed as parameters in the Flow as below:

Here is how to create: Flow to auto remove Tiger Team Member



Overall design of above flow involves: 

1. Query the User object when the Tiger Team Member? is set to false
2. Initiate an asynchronous path which will query the Tiger Group, Group Member Id of the respective Tiger Team member using Get Record element and performs Tiger Team member removal using Delete Records Flow element

Respective Flow screenshots are as below:





With the above combination of Sharing Rule and Automated Flow approach, one can thus provide specific team members access to Opportunity without modifying roles or providing superior profile access.

Note: Above flow designs can be optimized to a single flow as desired. The approach here is just an inference on the concept that can be used to automate.
_______________________________________________________
Written By: Manoj Nambirajan | Salesforce MVP 
Manoj is a Salesforce Enterprise Architect at Dell Technologies with more than 15 years of experience in the Salesforce ecosystem. Manoj has exceptional leadership abilities and a flair for solving issues quickly. Accredited as Salesforce MVP, Manoj has 17 Salesforce certifications and is among the Top 10 Answers leader in the Trailblazer Community.

Submissions reflect only the opinions of the user who made available the Submission and not the opinions of Salesforce, regardless of whether the user is affiliated with Salesforce, and may contain or constitute products, services, information, data, content and other materials made available by or on behalf of third parties ("Third Party Materials).  Salesforce neither controls nor endorses, nor is Salesforce responsible for, any Third  Party Materials, including their accuracy, validity, timeliness, completeness, reliability, integrity, quality, legality,  usefulness or safety, or any applicable intellectual property rights. Any Submissions made available through any message board or forum in response to posted questions, or that otherwise purports to answer any questions, including any questions about Salesforce or Programs, are made available for your general knowledge only and should never be relied upon as answers to your specific questions (even if an answer is marked as a “best” answer or with any similar qualifications). You should always contact Salesforce support for answers to your specific questions. Salesforce has no control over Submissions, and is not responsible for any use or misuse (including any distribution) by any third party of Submissions.

If you have questions, tap into the wisdom of our entire Trailblazer Community here: https://trailhead.salesforce.com/trailblazer-community/feed