Historically, we have granted record access in Salesforce with OWD (Organization-Wide Defaults: It can be used to give permissions to the organization-wide and can restrict access).
Through OWD: We can restrict the record-level access as Public Read, Private, Public Read/Write/Transfer (Case & Lead), Public Full Access (Campaign Object only), Public Read/Write, and then accessing those objects using several types of features like sharing Rules, Role Hierarchy, and some advanced settings such as territory management.
But now, we can restrict or refine record access with a feature called ‘Restriction Rules’. Restriction Rules help us to enhance security by allowing certain kinds of users to access specific types of records.
Whenever a restriction rule applies to the user, the data they could access with the help of sharing setting is further filtered out if it matches the rule criteria of Restriction Rules.
How can we create /configure Restriction Rules in Salesforce?
As per the Winter’22 release, we can create two restriction rules per object in Enterprise and Developer Editions as well as up to five restriction rules per object in Performance Editions and Unlimited Editions.
The following are the steps to create Restriction Rules in Salesforce:
1. Navigate to the Object Manager in Setup and then select the object you want to add a restriction rule.
2. On the side bar, Click Restriction Rules and then create a new Rule.
3. Enter the name of Rule as well as Full Name as, the full name will be automatically populated with respect to Rule’s Name. The Full name is the name of the component and used by the API.
Add Description of the Restriction Rule.
4. Select Active checkbox, so that the Restriction Rule immediately have the effect upon saving.
5. Select which users this restriction rule applies to, Under User criteria.
6. After choosing the User Criteria under the criteria type, now select a record field and choose filter settings to determine which records are accessible.
7. Under the Record criteria in Restriction Rule, select which records the specified types of users are allowed to see. For the Field value, with the help of dot notation we can reference another object’s field.
8. Click on the Save button.
Where can Restriction Rules be available and applied?
As of now, Restriction Rules are available for:
- Custom Objects
- External Objects
- Time Sheets
- Time Sheet Entries.
The following Salesforce features, in which Restriction rules can be applied are given below:
- Related Lists
- List Views
What are the Limitations of Restriction Rules in Salesforce?
As of now, with the Winter’22 release, the following data types supported by the Restriction Rules in the USer as well as Record Criteria Fields:
- Single Picklist
2. We can create only two Restriction Rules in the supported objects in the Enterprise version and five in Performance Edition.
3. We can’t create Formula in Restriction Rules.
4. As of now, we can use only ‘Equal’ Operator in Restriction Rules. Usage of Not Equals,AND,OR, are not supported.
5. We can create only one Restriction Rule per object per user.