Loading
Feature Degradation | Agentforce Voice Read More
Manage Users and Data Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Troubleshoot Why a Customer or Partner User Has Unexpected Object or Record Access

            You are here:

            1. Salesforce Help
            2. Docs
            3. Manage Users and Data Access

            Troubleshoot Why a Customer or Partner User Has Unexpected Object or Record Access

            If your customer or partner user can access a record but this access isn’t intended, work through these steps to remediate the issue.

            Required Editions

            Available in: both Salesforce Classic and Lightning Experience
            The available user and data management options vary according to which Salesforce edition you have.
            User Permissions Needed
            To access features or complete tasks mentioned in this topic: See the related Help documentation.
            Note
            Note Before you begin, check if your user has a Customer Community Plus or Partner Community user license. If you’re troubleshooting access for a high-volume user, see this topic. For guest users, see this topic.

            If you’re looking for guidance on troubleshooting access issues for fields, see this topic. For troubleshooting access issues for features, see this topic.

            Diagram representing the steps for troubleshooting if an external user has unexpected access.
            1. Check if the user’s base-level object permissions are correct. Go to the user’s detail page in Setup, and click View Summary. In the Object Permissions tab, you can see all of the user’s assigned object permissions.
              1. If the user has more object permissions than they need, click the permission's row-level action, and then click Access Granted By to see which profile, permissions sets, or permission set groups are granting this access. You can change the user’s profile or remove their permission set or permission set group assignments. You can also modify the included permissions, but doing so affects all users assigned the same profile, permission set, or permission set group.
              If the object permissions are correct, move to the next step. This issue is related to record access.
            2. Review who does have access to the specific record. In Lightning Experience, click Sharing Hierarchy from the Action Menu on the record. In Salesforce Classic, click Sharing on the record, then click Expand List. The Sharing Hierarchy page shows the users, groups, roles, and territories that have access to the record. In Lightning Experience, click View to see reasons for access, including the name of the sharing mechanism that grants access.
              From the sharing reasons, you can find that the user has access because they have a certain role or they’re a member of a specific public group. Depending on your sharing configuration, you can update the user’s assignments or update the sharing rule or manual share that grant access.
              If you don’t see the user listed as being shared the record, move to the next step.
              Note
              Note If you don’t see the Sharing Hierarchy option and you have the right permissions, make sure that this option is added to the page layout.
            3. Review Experience Cloud-specific sharing features.
              1. Review your sharing sets on the Digital Experiences > Settings page. Make sure that the correct profiles are selected and the access mapping is configured correctly. Also keep in mind that access granted to users via a sharing set isn’t extended to their superiors in the role hierarchy.
              2. Review your share groups for each of the sharing sets. Make sure that the correct members are added to the share group. Keep in mind that share group members can access any records owned by high-volume users associated with the sharing set, even if the objects aren’t defined in the sharing set.
              3. Review your account relationship data sharing rules on the Sharing Settings page. Make sure that the correct users are given access, the account relationship type is correct, and the account relationship is configured as you intended.
            4. Review Experience Cloud settings that affect access.
              1. Grant site users access to related cases: For Customer Community Plus users, if enabled, users with this license can view and edit cases in which they’re listed as the contact. This setting is enabled by default.
              2. Super user access: Partner super users can get insights into the records of other partner users who are at their role level or below them in the account role hierarchy. Customer Community Plus users with the Portal Super User permission can access more records and data.
              3. Roles: Make sure that the user is assigned the correct role and the external account hierarchy is set up correctly. Users can view and edit all data owned by or shared with users below them in the hierarchy.
            5. Check Apex-managed sharing. For custom objects, if you’re sharing records programmatically by using Apex, verify that your code is working correctly.
             
            Loading
            Salesforce Help | Article