Salesforce Restriction Rules with Modify All Records Permission and Impact on Record Security

Restriction Rules provide a granular level of control over record visibility within Salesforce. They allow administrators to define criteria that restrict access to certain records based on conditions such as field values, user roles, or ownership. Restriction Rules are often used to implement record-level security and ensure that sensitive data is only visible to authorized users.

Resolving Conflicts:
Conflicts between Object Permissions and Restriction Rules can occur when there are conflicting directives regarding the visibility of specific records. In such cases, it's crucial to understand how Salesforce determines which rule takes precedence.

Priority of Restriction Rules:
When conflicts arise between Object Permissions and Restriction Rules, Restriction Rules always take precedence. This means that if a Restriction Rule restricts access to a record, even if the user has broader Object Permissions, the Restriction Rule will prevail, and the record will remain inaccessible.

Example Scenario:
Let's consider a scenario where a Restriction Rule is in place to restrict access to records with a certain sensitive field value. However, a user with Object Permissions that would otherwise grant access to those records attempts to edit/create them. In this case, the Restriction Rule will override the Object Permissions, and the records will remain hidden from the user.

Modification of Object Permissions:
It's important to note that Object Permissions can override Restriction Rules if they are explicitly modified. For instance, if an administrator grants a user "Modify All Records" or "View All Records" permissions for a specific object, those permissions will supersede any Restriction Rules in place, granting the user unrestricted access to all records of that object, regardless of the criteria defined in the Restriction Rules.