Difference between revisions of "Record Level Visibility"
imported>Aeric
Revision as of 22:26, 11 September 2015
About Record Level Visibility
In general, anyone whose role gives them access to an object can see any of the records it contains. But with Record Level Visibility you can specify who is allowed to see each record, one by one. With no visibility criteria specified, everyone who can access the object can see the record. But with visibility criteria specified, only users who match the specified criteria can see it. Users who do not match the specified criteria do not see the record in list views, search results, or reports. And if they happen to have the URL that goes directly to that record, they get a "record not found" error when they visit that URL.
Considerations:
- A record that is not visible to a particular user does not appear in reports, views, or search results.
- It also does not appear in the SQL browser, and cannot be reached using REST APIs.
- Since such a record does not appear in reports, two people running the same report can get different results, depending on which records are visible to them.
How it Works
When Record Level Visibility is enabled, every object has an additional setting that specifies the kind of criteria that can be specified on an individual record. You can choose one of several options as a basis for that criteria: the user's team, the user's role, user IDs, or the value in one of several kinds of custom User Fields that can be defined on the User object.
Once the criteria type has been selected, every record displayed for that object has an additional "Visibility" section in the sidebar. A user who has Control Visibility permission can then put controls in place to determine who can see the record, and who cannot.
Tip: For a VIP client in the hospital scenario, it would be possible to set up a team or role named VIP. Then, when visibility is set, the visibility section of the sidebar would display "VIP", and people on that team (or with that role)–and only those people–can see the record. Other possible labels include "Top Secret", or "Reserved".
Automatic Auditing
- Record-visibility selections made by users are automatically added as entries in the Audit Log.
- Changes to a record's visibility criteria are automatically recorded in the Field Audit Log, as well.
Working with Record Level Visibility
- The Record Level Visibility option is enabled by your Service Provider.
- The default single sign-on setting on an on-premises installation is off.
- The default single sign-on setting on the cloud is off. (Contact Support to make changes.)
Setting Up Record Level Visibility
- Go to > Customization > Objects
- Click the object that needs the restricted visibility option
- Click Additional Record-Level Criteria
- Choose the type of visibility restrictions that can be specified when viewing a record:
  - Teams - When viewing a record, one or more teams can be selected. To see the record, a user must belong to one of the selected teams.
  - Roles - When viewing a record, one or more roles can be selected. To see the record, a user must have one of those roles.
    - Important: Specifying visibility criteria for a record in one app automatically makes the record invisible in all other applications. (Because, even if two roles have the same name in different applications, they are not actually the same role.) If an object is shared among multiple applications, then, it is wise to use a different form of visibility control.
  - Users - When viewing a record, one or more users can be selected. Only the selected users can see the record.
  - Custom User Field
    - When you choose this option, you also specify which User Field to use.
    - When viewing a record, one or more values can be specified for that field.
    - To see the record, a user must have a matching value in that field.
    - The kinds of fields that can be chosen include:
      - Lookup fields
      - Picklists
      - Global Picklists
      - Text Fields
      - Numeric Fields
    - Other field types cannot be chosen (mostly because it makes little sense to do so).
Important:
If you change an existing criteria setting to something different, all existing record visibility restrictions are removed. If, for example, you change the criteria from Teams to Roles, and a record was previously restricted to the operations team, that record becomes immediately visible to everyone. (A warning dialog is issued to make sure such a change does not happen inadvertently.) Before making such a change, then, it is advisable to make a list of all records that currently have a visibility restriction.
Determining Who Can Control Visibility
Users who have Control Visibility permission can create and modify visibility settings--assuming they can see the record in the first place. In the Role Settings, you specify each object for which a user in that role has that capability.
Note:
Administrators who have the Global View permission can always see the record, regardless of its visibility restrictions. If the admin's role gives them Control Visibility permission, then the admin can also modify the record's visibility--for example, to undo an inadvertent change that rendered the record invisible to the record owner.
Setting Visibility Criteria on a Record
When viewing a record, click in the Visibility section to specify who can see the record. The operation of the selection dialog depends on the type of visibility criteria that has been defined on that object:
- In all cases, a "chooser" dialog appears that lets you specify visibility controls.
- In most cases, the chooser is a selector-dialog that lets you select one or more entries, and/or delete existing entries.
- In cases where a User Field is the visibility criteria, and the field is a text field or a numeric field, then you can specify one or more values, and/or delete existing values.
Warning:
When you restrict visibility, it is entirely possible to cut yourself out of the loop. In some cases, that is the desired and intended behavior. But if you restrict visibility to a team you don't belong to, or you restrict it to a list of users that does not include yourself, or to a role you do not have, then at that point you can no longer see the record, even if you own it. (But an admin can still see it, and re-set visibility.)
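The visibility rules described on this page, modeled as an added example (not the platform's code): it shows the owner lock-out from the warning, the cross-application role mismatch, and the loss of restrictions when the criteria type is changed. The class and function names, the sample users, and the representation of a role as an (application, name) pair are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class User:
    user_id: str
    teams: frozenset = frozenset()
    roles: frozenset = frozenset()   # assumed form: (application, role name) pairs
    global_view: bool = False        # admin with the Global View permission

@dataclass
class Record:
    owner_id: str
    allowed: set = field(default_factory=set)   # empty set = no restriction

def user_values(user, criteria_type):
    """Values a user presents for the object's criteria type."""
    return {"teams": user.teams, "roles": user.roles,
            "users": frozenset({user.user_id})}[criteria_type]

def can_see(user, record, criteria_type):
    """Global View or an unrestricted record always passes; otherwise match."""
    if user.global_view or not record.allowed:
        return True
    # Ownership is deliberately not consulted: an owner can be locked out.
    return bool(user_values(user, criteria_type) & record.allowed)

def locked_out(users, record, criteria_type, proposed):
    """Pre-flight check: who stops seeing the record if `proposed` is applied?"""
    trial = Record(record.owner_id, set(proposed))
    return sorted(u.user_id for u in users
                  if can_see(u, record, criteria_type)
                  and not can_see(u, trial, criteria_type))

def change_criteria_type(records):
    """Switching criteria type drops every restriction; return what was lost."""
    lost = [(i, set(r.allowed)) for i, r in enumerate(records) if r.allowed]
    for r in records:
        r.allowed.clear()
    return lost

# Constructed sample users (not from the page)
alice = User("alice", frozenset({"ops"}), frozenset({("Clinic", "Nurse")}))
bob = User("bob", frozenset({"vip"}), frozenset({("Billing", "Nurse")}))
admin = User("admin", global_view=True)
```

Running `locked_out` before saving a restriction, and keeping the list returned by `change_criteria_type`, correspond to the two precautions the page recommends.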