Row-Level Security Example based on Role Hierarchy and Record Ownership

Let’s look at an example where you create a dataset based on Salesforce data and then implement row-level security based on the Salesforce role hierarchy and record ownership. In this example, you will create a dataset that contains all opportunities. To restrict access on each record in the dataset, you will create a security policy where each user can view only opportunities that they own or that are owned by their subordinates based on the Salesforce role hierarchy. This process requires multiple steps that are described in the sections that follow.

1. Determine Which Data to Include in the Dataset
   First, determine what data you want to include in the dataset. For this example, you will create the OppRoles dataset that contains all opportunities as well as user details about each opportunity owner, such as their full name, division, and title.
2. Design the Dataflow to Load the Data
   Now it’s time to figure out how the dataflow will extract the data and load it into a dataset. You start by creating this high-level design for the dataflow.
3. Determine Row-Level Security for the Dataset
   Now it’s time to think about row-level security. How will you restrict access to each record in this dataset?
4. Modify the Dataflow Based on Row-Level Security
   Now it’s time to modify the dataflow definition file to account for the predicate.
5. Create the Dataset
   Now that you have the final dataflow definition file, you can create the dataset.
6. Test Row-Level Security for the Dataset
   You must verify that the predicate is applied properly and that each user can see the appropriate opportunities.