Iryna Yamborska

Enhance security with Salesforce Restriction Rules

Each new Salesforce release brings a lot of new things, so today, let's talk about the Winter '22 release and a new mechanism for controlling security in Salesforce.


What are Salesforce Restriction Rules?


Restriction Rules enhance security by allowing specified users to access only specified records. They prevent users from accessing records that contain sensitive data or information not essential to their work. Salesforce Restriction Rules filter the records a user already has access to, so that the user can only access records that match the specified criteria.


How do Salesforce Restriction Rules work?


When Salesforce Restriction Rules are applied to a user, the records that the user has access to through org-wide defaults, sharing rules, and other sharing mechanisms are filtered by the specified criteria. For example, if users navigate to the Today's Tasks tab or the Actions list, they only see entries that match the criteria of the restriction rule. If the user has a link to a record that becomes unavailable after the restriction rule is applied, the user will see an error message.


Salesforce Restriction Rules are available for org-wide defaults, sharing rules, and other sharing mechanisms. You can create up to two active Restriction Rules per object in Enterprise and Developer organizations and up to five active Restriction Rules in Performance and Unlimited organizations. Restriction Rules are applied to the following features in Salesforce:

  • List Views

  • Lookups

  • Related Lists

  • Reports

  • Search

  • SOQL

  • SOSL

How do Salesforce Restriction Rules affect Sharing Settings?


Users have access to a record based on organization-wide defaults or other sharing mechanisms such as sharing rules or enterprise territory management.


When Restriction Rules are applied to users, the data they had read access to is further restricted to only the records matching the record criteria. This is similar to how you can filter the results in a list view or a report, except that it is permanent. The number of records visible to the user can vary greatly depending on the value you specify in the record criteria.


When to apply Salesforce Restriction Rules?


Use Restriction Rules if you want certain users to see only a certain set of records. Restriction Rules can make it easier to control access to records with sensitive or confidential information. Access to contracts, tasks, and events can be difficult to make truly private using organization-wide defaults, so restriction rules are the best way to set this visibility.


For example, suppose you have competing sales teams that shouldn’t see each other's activities, even if those activities are on the exact same account. With restriction rules, you can ensure that sales teams see only their own activities and activities relevant to their work. Or, if you provide sensitive services to multiple individuals, use restriction rules so that only team members responsible for supporting those individuals can see related tasks.


How to create Salesforce Restriction Rules:


1. Select the object to which you want to connect Restriction Rules (in our case, this is the Demo object);


2. Then fill in the details;


3. Add user criteria, that is, the Users to whom the Restriction Rule will apply;


4. Add record criteria, which define the records that those Users can see;


5. Press the Save button, and you’ll get a new mechanism that helps simplify the management of access to records.


But there is one thing: when creating multiple Restriction Rules, remember that only one active rule applies to a user. Salesforce does not check if any other rules apply to the user. So, if you create two active rules and both rules apply to a user, only one of the active rules is followed.
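Because Salesforce does not check for this overlap, it is worth auditing before a rule is activated. The Python sketch below is an added example, not Salesforce or Sparkybit code: it models user and record criteria as a single field/value pair each and flags users matched by more than one active rule on the same object. The rule names, field names, users and records are constructed for illustration.

```python
# Constructed sample data; criteria are simplified to one (field, value) pair each.
RULES = [
    {"name": "Demo_SalesA", "object": "Demo__c", "active": True,
     "user": ("Department", "Sales A"), "record": ("Team__c", "A")},
    {"name": "Demo_Contractors", "object": "Demo__c", "active": True,
     "user": ("IsContractor", True), "record": ("Sensitive__c", False)},
    {"name": "Demo_Legacy", "object": "Demo__c", "active": False,
     "user": ("Department", "Sales A"), "record": ("Team__c", "B")},
]
USERS = [
    {"Username": "ann", "Department": "Sales A", "IsContractor": False},
    {"Username": "bob", "Department": "Sales A", "IsContractor": True},
    {"Username": "cy", "Department": "Support", "IsContractor": False},
]
# Records the users can already read through org-wide defaults or sharing rules.
SHARED = [
    {"Name": "D-1", "Team__c": "A", "Sensitive__c": False},
    {"Name": "D-2", "Team__c": "A", "Sensitive__c": True},
    {"Name": "D-3", "Team__c": "B", "Sensitive__c": False},
]

def applicable_rules(user, obj, rules):
    """Active rules on obj whose user criteria match this user."""
    return [r for r in rules if r["active"] and r["object"] == obj
            and user.get(r["user"][0]) == r["user"][1]]

def find_conflicts(users, rules):
    """Map (username, object) -> rule names when more than one active rule applies."""
    conflicts = {}
    for obj in sorted({r["object"] for r in rules}):
        for user in users:
            names = [r["name"] for r in applicable_rules(user, obj, rules)]
            if len(names) > 1:
                conflicts[(user["Username"], obj)] = names
    return conflicts

def visible_records(user, obj, shared, rules):
    """Narrow already-shared records by the one rule that applies; never widen them."""
    hits = applicable_rules(user, obj, rules)
    if len(hits) > 1:
        raise ValueError(f"ambiguous rules for {user['Username']}: "
                         f"{[r['name'] for r in hits]}")
    if not hits:
        return list(shared)  # no rule applies: sharing alone decides
    field, value = hits[0]["record"]
    return [rec for rec in shared if rec.get(field) == value]
```

In this sample, `find_conflicts(USERS, RULES)` reports `bob`, who matches both active rules on `Demo__c`; the inactive `Demo_Legacy` rule is ignored.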


To sum up


Salesforce provided us with a mechanism with which you can easily control security based on the rules for users. The funniest thing about this "innovation" is that in order to use Salesforce Restriction Rules without problems, you need to disable the Classic mode for your organization. Therefore, as they say, if you want something new, give up the old.


Visuals have been taken from the official Salesforce page.


Sparkybit is a Salesforce consulting and development company. We make Salesforce perform at its best by fitting it to Clients’ custom business needs. If you are willing to make Salesforce work for your business goals, contact us.

