4 easy ways to validate and test your security and sharing settings
Have you ever been asked “Who can see what” questions? Have you ever been in a situation where you implemented multiple security and sharing settings but couldn’t find a way to validate and verify them? If you have even run into those situations, this article is for you.
In this article, I will list four easy ways to help you validate and test your security and sharing settings.
1. “Login As”
Salesforce administrators can log in as another user to validate their visibility. This feature is probably the most straightforward approach. But it has some limitations. This feature only helps you verify the visibility, but it doesn’t give you any insights on it, such as why the user can see it or how it was shared with the user. Because of this limitation, it doesn’t help us with troubleshooting the root cause of specific issues.
2. “Share” button in Classic
Although the Lightning interface is being widely used, some features are unfortunately only available in Classic. The “Share” button on an Account record is one of the special features for admins. This button allows you to manually share a record to users, groups, roles and territories and provides you with a list of people who have access to a particular record and the reason they have it. This feature helps admins to quickly address the root cause of an issue and locate the potential solution.
3. “Share Table”
This feature comes in handy when you need to address a list of records’ visibility and cause quickly. For example, in my previous job, we needed to manage the visibility to some important high-level accounts and eliminate the unnecessary sharing to the users who were not supposed to access them moving forward.
The AccountShare (share table for Account object) table can be exported and reviewed in the above case. You can either use Data Loader or Workbench SOQL Query to get those records. The result contains all the data pertaining to explicit and implicit grants. The “row cause” column can be used to address why the users or groups were granted access.
4. “Field Accessibility” in Setup
If you’re validating field-level security settings for different profiles and record types, you can use “Field Accessibility” feature in Setup. You have the option to view the security setting by Fields or Profiles. The result returns you a table of field accessibility for different profiles and record types.
I’m sure there are many other ways to validate security and sharing settings effectively. What are your trick and favourite way to help you answer the “Who sees what” question?
