Today's post is a guest post from Jayvin Arora, a certified Force.com developer and the leader of the Philadelphia Salesforce User Group. Jayvin has been writing a series of blog posts titled "A review of Record Level Security for Admins and Developers" (see parts One, Two and Three
Jayvin is often found hanging out on the #salesforce IRC channel on Freenode, and you can find him on Twitter too as @JayvinArora.
Typically, you'll have two troubleshooting scenarios to deal with in Salesforce:
- Why can a user access a record?
- Why can't a user access a record?
We've discussed point #1 a bit in the course of the series, but to summarize, you can
Go to the record in question, and click the Sharing Button. Find the User's name and then click on the 'Why?' link. This will give you the reasons why the user has access to the record, and you can reevaluate your sharing rules accordingly (for more info on this functionality, check out this link. The harder troubleshooting case to answer is why can't a user access a record? Sadly, this is more complicated, so here's a diagram to help you out.
If this doesn't get you anywhere, there is another thing to take into consideration. Since Roles are optional in Salesforce, it’s possible that a User is not assigned a role. Since the bulk of Sharing is Role Based, the model potentially breaks down when the either the record owner or the user in context isn’t assigned a role. To verify this check out the User’s Detail page.