          Row-Level Security Example based on Role Hierarchy


          This policy leverages the Salesforce Role Hierarchy to allow managers/supervisors to view not only their own records but also the records belonging to their subordinates. This capability uses the specialized hierarchy operator in Data 360.

          Required Editions

          Available in: Lightning Experience
          Available with Sales with Agentforce 1 Edition or Agentforce for Sales Add-on license in: Enterprise, Performance, and Unlimited Editions.
          User Permissions Needed
          To manage Data 360: Data Cloud Architect
          To manage Sales Insights: Sales Insights User permission set
          To use Sales Insights: Tableau Next Limited Consumer

          Determine Which Data DMO to Include in the Policy

          The policy must be applied to the DMO being secured, linking its owner field back to the user/role structure.

            DMO: ssot__Opportunity__dlm
            Description: The fact object containing sales opportunity details.
            Controlling Field (User Context): ssot__OwnerId__c (Record Owner ID)

          Add Policy/Author
            1. In the Data Governance Policy Builder, create a new Data Policy.
            2. Select the DMO: ssot__Opportunity__dlm.
            3. Set the Action to Allow.
            4. Define the Condition using the hierarchy operator.
            5. Set the rule to Allow access to the record IF the logged-in user is hierarchically above the record owner in the Role Hierarchy.
              • Condition Logic (Conceptual Implementation): ssot__Opportunity__dlm.ssot__OwnerId__c Is Hierarchically Above In $Role Hierarchy
              • Interpretation: Deny access to the record if the logged-in user's role is NOT hierarchically above the record owner's role, thus limiting visibility to the user's role and all roles above them in the hierarchy.
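
To check the visibility you expect from this policy before authoring it, the following added example (not Salesforce code and not part of the original article) models the rule in Python. The role names, user IDs, and record IDs are constructed; it assumes "hierarchically above" means a strict ancestor role, that owners always see their own records as the policy description states, and that anything else is denied.

```python
# Constructed sample data: role names, user IDs and record IDs are hypothetical.
ROLE_PARENT = {  # child role -> parent role (None = top of the hierarchy)
    "CEO": None, "VP_Sales": "CEO",
    "Mgr_West": "VP_Sales", "Mgr_East": "VP_Sales",
    "Rep_West": "Mgr_West", "Rep_East": "Mgr_East",
}
USER_ROLE = {
    "u_ceo": "CEO", "u_vp": "VP_Sales", "u_mw": "Mgr_West", "u_me": "Mgr_East",
    "u_rw1": "Rep_West", "u_rw2": "Rep_West", "u_re1": "Rep_East",
    "u_norole": None,  # user with no role assigned
}
OPPORTUNITIES = [  # stand-ins for ssot__Opportunity__dlm rows
    {"id": "opp1", "ssot__OwnerId__c": "u_rw1"},
    {"id": "opp2", "ssot__OwnerId__c": "u_rw2"},
    {"id": "opp3", "ssot__OwnerId__c": "u_re1"},
    {"id": "opp4", "ssot__OwnerId__c": "u_mw"},
    {"id": "opp5", "ssot__OwnerId__c": "u_norole"},
]

def is_role_above(viewer_role, owner_role):
    """True if viewer_role is a strict ancestor of owner_role (assumption)."""
    if viewer_role is None or owner_role is None:
        return False  # no role on either side: nothing to compare, so deny
    seen = set()  # guards against a cyclic (misconfigured) hierarchy
    role = ROLE_PARENT.get(owner_role)
    while role is not None and role not in seen:
        if role == viewer_role:
            return True
        seen.add(role)
        role = ROLE_PARENT.get(role)
    return False

def can_view(viewer_id, record):
    """Allow the owner, or any user whose role sits above the owner's role."""
    owner_id = record["ssot__OwnerId__c"]
    if viewer_id == owner_id:
        return True
    return is_role_above(USER_ROLE.get(viewer_id), USER_ROLE.get(owner_id))

def visible_ids(viewer_id):
    """IDs of the sample opportunities the viewer may see; default is deny."""
    return [r["id"] for r in OPPORTUNITIES if can_view(viewer_id, r)]

if __name__ == "__main__":
    for user in USER_ROLE:
        print(user, visible_ids(user))
```

Under these assumptions, peers in the same role and managers in sibling branches do not see each other's records, and a record whose owner has no role is visible only to that owner.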
           