Restriction Rules, as the clue itself in this name, restricts what records user can see and enhance the security by allowing certain users to access only specified records. Indeed, prevent users from accessing records that can contain sensitive data or information that isn’t essential to their work. They are available for custom objects, external objects, contracts, tasks, and events. Generally, can create up to two active restriction rules per object in Enterprise and Developer editions.
Salesforce restriction rules applied to the following Salesforce features.
- List Views
- Related Lists
When Do I Use Restriction Rules?
when you want certain users to see only a specific set of records. Moreover, can simplify controlling access to records with sensitive or confidential information. Access to contracts, tasks, and events can be difficult to make truly private using organization-wide defaults, making the best way to configure this visibility.
For example, you have competing sales teams that can’t see each other’s activities, even though these activities are on the same account. With restriction rules, you can make sure that sales teams see only activities that belong to them and are relevant to their work. When creating more than one restriction or scoping rule, configure that only one active rule applies to a given user. Salesforce doesn’t validate that only one active rule applies for a given user. If you create two active rules, and both rules apply to a given user, only one of the active rules is observed.
Certainly, we can make certain records invisible, or unavailable, for certain users. After the restriction rule is applied, certain records fall outside the parameters for what they can access based on Sharing setting.
When a restriction rule is applied to users, the data that they had read access to via your sharing settings is further scoped to only records matching the record criteria. This behavior is similar to how you can filter results in a list view or report, except that it’s permanent. The number of records visible to the user can vary greatly depending on the value that you set in the record criteria.
Configure Restriction Rules in Salesforce
Overall, they configured in Salesforce Org Setup or through Tooling API or Metadata API. As of Salesforce Winter’22 release.
Steps to create restriction rules: –
- Navigate to Object Manager in Setup
- Select the Object on which we need to add Restriction Rule
- Click on Restriction Rule
- Name and describe the rule then activate it
- Select the user field and choose filter settings to determine user on which rule is to be applied
- Select the record field and choose filter settings to determine which records are accessible
For example, if there is a master-detail relationship between two objects (Partnership Request (Master) and Onboarding Process (Detail)), and we want Sales reps can see all Partnership records but can only see Onboarding records that they create.
Let’s create Restriction Rule to solve this requirement: –
1. Go to Object Manager, Select Object Onboarding Process.
2. Click on tab “Restriction Rules”, then click on “Create New Rule”
3. Further, enter Rule Name, select “Is Active” checkbox.
4. In User Criteria, select which users this Restriction Rule applies to.
5. In Record Criteria, select which records, specific users are allowed to access.
6. Then click “Save”.