Troubleshooting Sharing Model in Salesforce

In this blog,I have covered two scenarios with two extreme conditions which will help to understand the security model issues and how to troubleshoot them.This Blog may not provide you the basic definitions on the Salesforce Security model but for better understanding I have included the hyperlinks for all those terms which may require a basic explanation.

Let us jump to the scenarios now

Scenario 1:

The absurd error you might get sometimes and that confuses us on the requirement which deals with Salesforce Security Model:

“You do not have the level of access necessary to perform the operation you requested. Please contact the owner of the record or your administrator is access is necessary.”

I am  here are taking an example by which  will help to  understand the security model .The above  error occurs most of the time  when the user tries to access the record(performs a view /edit/delete action ).

And wait..to make it more clearer I would say that there might be requirements sometimes to accomplish this error,means you want to show this error for some users when they try to access specific records.

Troubleshoot:

1. The user might be trying to view/ edit/delete  someone else’s record.That is most likely happening because the user doesn’t have permission to edit someone else’s record.
2. The OWD Settings might be set to private for that Object which might not allow you to read/write other records.Before editing OWD settings
3. The user might not have access to that object (Say User wants to view/edit some Account -“ABC” but he is unable to do so, here user might not have access to Account Object ).So  Object Level Permissions, might be the reason due to which you might  get this error.
4. Permission sets and Profiles  grant access for what you can do with your own records. So do not get confuse that you have access but still you are facing this issue.
5. Do you want the user have edit/read access to fields on all records of a specific object? (regardless of who owns them) – Go for Sharing Rules.
6. Do you want the  user have access to those fields only for specific Records on Object? – Go for  Manual Sharing.

Scenario 2:

There might be a case when the user is seeing what he is not supposed to,Like Account”ABC”  created by user 1  is accessible by user 2 which might result to security breach .

Troubleshoot:

1. OWD Settings might be set to public with Read/Write Permissions.Go to Setup -> Security Controls -> Sharing Settings  and change the settings.Please note that this is the basic settings and if you widen the sharing settings at this level and then you cannot narrow it at any other level.
2. If you are working on  standard salesforce object s like Account,Opportunity and Case Other things that you should look into its Account Teams,Opportunity Teams,Case Teams as they might share the records visibility even if the users don’t have access at OWD level.
3. Check Manual Sharing and Sharing Settings   as they control what users can do with other users’ records.