Record Level Visibility
About Record Level Visibility
In general, anyone whose role gives them access to an object can see any of the records it contains. But with Record Level Visibility you can specify who is allowed to see each record, one by one. With no visibility criteria specified, everyone who can access the object can see the record. But with visibility criteria specified, only users who match the specified criteria can see it. Users who not match the specified criteria do not see the record in list views, search results, or reports. And if they happen to have the URL that goes directly to that record, they get a "record not found" error when they visit that URL.
When Record Level Visibility every object has an additional setting that specifies the kind of criteria that can be specified on an individual record. You can choose one of several options as a basis for that criteria: The user's team, the user's role, user IDs, or the value in one of several kinds of custom User Fields that can be defined on the User object.
- __TBD: picture__
Once the criteria type has been selected, every record displayed for that object has an additional "Visiblity" section in the sidebar. A user who has Control Visibility permission can then put controls in place to determine who can see the record, and who cannot.
- __TBD: picture__
Warning:
When you restrict visibility, it is entirely possible to cut yourself out of the loop. In some cases, that is the desired and intended behavior. But if you restrict visibility to a team you don't belong to, restrict it to a list of users that does not include yourself, or restrict it to a role you do not have, then at that point you can no longer see the record, even if you own it. (But an admin can still see it, and re-set visibility.)
Working with Record Level Visibility
- The Record Level Visibility option is enabled by your Service Provider.
- The default single sign-on setting on on-premises installation is off.
- The default single sign-on setting on the cloud is off. (Contact Support to make changes.)
Setting Up Record Level Visibility
- Go to > Customization > Objects
- Click the object that needs the restricted visibility option
- Click Additional Record-Level Criteria
- Choose the type of visibility restrictions that can be specified when viewing a record:
- Teams - When viewing a record, one or more teams can be selected. To see the record, a user must belong to one of the selected teams.
- Roles - When viewing a record, one or more roles can be selected. To see the record, a user must have one of those roles.
- Users - When viewing a record, one or more users can be selected. Only the selected users can see the record.
- Custom User Field
- When you choose this option, you also specify which User Field to use.
- When viewing a record, one or more values can be specified for that field.
- To see the record, a user must have a matching value in that field.
Important:
If you change an existing criteria setting to something different, all existing record visibility-restrictions are removed. If, for example, you change the criteria from Teams to Roles, and a record was previously restricted to the operations team, that record becomes immediately visible to everyone. (A warning dialog is issued to make sure such a change does not happen inadvertently.) Before making such a change then, it is advisable to make a list of all records that currently have a visibility restriction.