Salesforce Admin · Salesforce Basic · Security Model

Role Hierarchy in Salesforce

An organization where there are many employees, each employee is designated with a specific designation or role. Many employees report to a person who is above their designation. Like in a IT industry where we have designations like, Software Engineer, Senior Software Engineer, Module Lead, Tech Lead, Manager, Director etc. Where Software Engineer and Senior Software Engineer will report to a Module Lead or Tech Lead. Similarly Module Lead and Tech Lead will report to Manager and so on.

A screenshot of a cell phone

Description automatically generated
Roles Section in Salesforce. Top of the tree is the Name of the Company.

Let us consider below example.

A close up of text on a white background

Description automatically generated

Here as you can see the organization chart as per user’s designation/role.

In Salesforce we have similar hierarchy-based user assigned which is called Roles. In this section you can create multiple roles as per organizations chart or policy. Records can be shared with users above role hierarchy.

For Example, lets assume that OWD is private. As per above diagram, if an engineer user creates a record then that record is shared with Lead and Manager but not then the subordinate engineers. Similarly, if a lead user creates record, then that record is shared with manager but not with engineers.

Note: Edit option is based on the profile setting of the user.

Controlling sharing using Role Hierarchy

Users at any role level can view, edit, and report on all data that’s owned by or shared with users below them in their role hierarchy, unless your org’s sharing model for an object specifies otherwise. If you see Org-Wide default sharing section of salesforce, you can see a check box against all object’s names “Grant Access Using Hierarchies”. If Grant Access Using Hierarchies option is selected, then records of those objects will be shared with users above the hierarchy. By default, for all Standard objects this option is checked and disables so that users cannot make any changes. But that option is editable for custom objects, which means you can choose whether you want to share a record based on role hierarchy for custom objects.

A screenshot of a cell phone

Description automatically generated
Sharing Setting Section which shows OWD option with Grant Access Using Hierarchy.

Note:

  • If your organization-wide defaults are more restrictive than Public Read/Write, use role hierarchy to make records more accessible to users.
  • Users at any role level can view, edit, and report on all data that’s owned by or shared with users below them in their role hierarchy, unless your org’s sharing model for an object specifies otherwise.

If you click on any role in the chart. You will see detail page of the role.

A screenshot of a social media post

Description automatically generated
Specific Role detail page.

Click on Edit to update options for case and opportunity access.

A screenshot of a cell phone

Description automatically generated
Edit screen of role, Where you can select access on opportunity and case.

Resources:

Salesforce Help

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s