Salesforce Advanced Administrator Certification Guide

Role hierarchies

With role hierarchies, users can access records that are owned by or have been shared with users below them in the hierarchy. In short, the CEO (the person with the highest role) can see any record owned by any user, while the Sales Manager can see records that are owned by or have been shared with sales representatives but cannot see records owned by Service Manager users.

This applies to objects with OWD set to Private or Read Only, because sharing can only grant wider access, never restrict it.

This sharing method is enabled through the OWD Grant Access Using Hierarchies setting, which can only be disabled for custom objects.
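The visibility rule described above, modeled as an added example (not code from the book or from Salesforce). The role tree, user names and the `is_above` and `can_read` helpers are constructed for illustration, and the model covers read access only, ignoring object permissions and other sharing mechanisms.

```python
# Added example: simplified model of read access through the role hierarchy.
# Role tree and user names are constructed for illustration.
ROLE_PARENT = {                      # role -> role directly above it
    "CEO": None,
    "Sales Manager": "CEO",
    "Service Manager": "CEO",
    "Sales Rep": "Sales Manager",
    "Service Agent": "Service Manager",
}
USER_ROLE = {
    "carol": "CEO",
    "sam": "Sales Manager",
    "vera": "Service Manager",
    "rita": "Sales Rep",
    "alan": "Service Agent",
    "ian": None,                     # user with no role assigned
}

def is_above(role, other):
    """True if `role` sits strictly above `other` in the hierarchy."""
    current = ROLE_PARENT.get(other)
    while current is not None:
        if current == role:
            return True
        current = ROLE_PARENT.get(current)
    return False

def can_read(viewer, owner, shared_with=(), owd="Private",
             hierarchy_enabled=True, modify_all_data=False):
    """Read decision for one record; owd is "Private" or "Public Read Only"."""
    if modify_all_data:              # permission that bypasses sharing entirely
        return True
    if owd != "Private":             # a public OWD already lets everyone read
        return True
    if viewer == owner or viewer in shared_with:
        return True
    viewer_role = USER_ROLE.get(viewer)
    if not hierarchy_enabled or viewer_role is None:
        return False                 # nothing is inherited without the setting or a role
    # Inherit access from anyone below the viewer who owns or was shared the record.
    return any(is_above(viewer_role, USER_ROLE.get(u)) for u in (owner, *shared_with))

if __name__ == "__main__":
    for viewer in USER_ROLE:
        print(viewer, can_read(viewer, owner="rita", shared_with=("alan",)))
```

Running the same checks with `hierarchy_enabled=False` shows what changes when Grant Access Using Hierarchies is turned off on a custom object: only the owner, explicit shares and Modify All Data holders keep access.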

To set up roles, go to Setup | Users | Roles.

You can create up to 500 roles for your organization.

Every user should have a role; otherwise, their data won't show up in displays based on their role (such as opportunity reports and forecast rollups).

System administrator users may not have a role set, but it is good practice to fill in this field, especially if these users own records. If a role is not set, it is likely that their records won't appear in reports and views.

You can always set the highest role (for example, CEO) for administrator users without worrying about record visibility, since system admins should have the Modify All Data permission, which grants access to the whole organization's dataset.

To avoid performance issues, no user should be able to own more than 10,000 records. If this is unavoidable (for example, the user is an integration user), assign that user a higher role to avoid complex sharing calculations.

If you have a huge number of roles and users, it is suggested that you use SOAP APIs (for example, through Data Loader) to increase efficiency (at least in the organization setup phase or when users change their role frequently).