Last Updated on April 11, 2022 by Rakesh Gupta
The Files, in Lightning Experience, consolidates all of your users’ files, documents, content, and attachments into a single system for easier management and collaboration. Files are more versatile and provide some cool features like Version Control, Collaborate on files, Sync File Offline, Sharing Setting, Follow files that are important to you, etc. You can also use Files Connect to connect with external file systems right from Salesforce. For example, you can connect external data sources, like Google Drive, Box, or SharePoint, right within Salesforce using File Connect.
The Benefits of Salesforce File are as follows:
- Control access to the Files
- Upload Files up to 2GB
- Upload a new version
- Collaboration via Chatter feed
- Ability to follow the Files
- Preview via the Files Preview page
After reading the above, Jason Herr, a Solution Architect at Gurukul on Cloud (GoC), is thinking about implementing File for their newly acquired Salesforce org. He wants to learn more about how file sharing works with the record in Salesforce. In this article, we will discuss the following:
- Understand File Sharing architecture on Record
- The business Use case I
- Set File Sharing to Inherit Record Permissions
- Business Use case II
- Control File Access for a specific file on a Record
- Business Use case III
- Grant Read-Only Access to a File
- Business Use case IV
- Open File Access Automatically
- The business Use case I
Let us Understand How the File Sharing Architecture Works on a Record
An ability, to attach files to records, is a powerful way to collaborate and stay organized in Salesforce. It allows users to keep information on an Opportunity, Account, or Case right where they need it.
Once you upload the files to the Records, its sharing depends on the various parameters. For instance, Files sharing on the Records can be controlled through various ways in Salesforce – such as, you can set a File’s access to private; or, enable Set File Sharing to Inherit Record Permission at the org level.
Please spend a few minutes to go through the following Process flow diagram and try to thoroughly understand it. The diagram explains how file-sharing can be restricted, or opened up, by using various features.
Let’s start with business use cases and understand how you can handle different file sharing requirements. In the end, you will have a clear understanding of how to control files access on records in Salesforce.
Business Use case I
Jason Herr is a Solution Architect at Gurukul on Cloud (GoC). He wants to understand how to streamline file access on records so that a user, who can edit a record, can also edit the files.
A solution for the above business requirement
This is a very common scenario in the enterprise business. Let us set up access to files so that it can be controlled via record access which, in turn, will remove some of the overhead of files sharing (manual or automated). By default, in a fresh org (I performed my testing in Developer edition org), a user who can access a record can also view all the files on that record. This is explained in Step 1 of the aforementioned process flow diagram. Follow the steps below to solve Jason’s business requirement.
- Click Setup | Home | Feature Settings | Salesforce Files | General Settings.
- Clicks on the Edit.
- Now select Set file access to Set by Record for files attached to records checkbox, as shown in the following screenshot:
- Click Save.
Going forward, the Files will inherit the Sharing from Record Permissions as follows:
- Users with Read/Write access to a record gets Collaborator access to files attached to that record.
- Users with Read access to a record get Viewer access to files attached to that record.
Business Use case II
Jason Herr was very happy with his learnings so far. He took an hour’s break and went to Panda Express for lunch. However, Jason lives and breaths Salesforce!; so, enroute to Panda Express, Jason was still thinking about the learnings from business use case I. Then suddenly, he remembered a use case that Brenda Castillo, a business user, had shared with him a while ago.
In Salesforce, the way file sharing is set up currently, anyone that has access to the Delta Air Lines Opportunity can access all the files on that Opportunity. Please refer to the following screenshot. 
But what if Brenda wants to control which files on an object are shared with a User? In the above screenshot, you can see that the record has two files. Brenda’s use case is that she wants to have the ability to revoke access to the MoM 19th Oct file from her users.
A solution for the above business requirement
This is another common use case – where business users want to keep some files private on a record and grant public access to other files. Let’s make the MoM 19th Oct file private on the Opportunity object. Follow the steps below to help Brenda solve her use case.
- Click on the Opportunity object and then on the Opportunity Name (In this scenario – Delta Air Lines).
- Clicks on the File you want to change the sharing settings of (In this scenario – MoM 19th Oct).
- Select Edit File Details.
- From the File Privacy on Records drop-down, select an option for controlling the file’s visibility i.e., Private on Records in our scenario.
- Click Save.
Going forward, whenever people view the Delta Air Lines Opportunity record details, they will not see the file named, MoM 19th Oct even if the file is attached to the record to which they have access to. Please note that the file owner sees the attachment, no matter the privacy setting.
The above screenshot shows the number of files visible to the file owner vs. another user. This is what we discussed in the initial flow (Steps – 6 & 7). If you do not see the File Privacy on Records option, when you edit a file’s details, then make sure you have added it to the page layout. Only Admins and file Owners can change the value of the File Privacy on Records.
Business Use case III
Jason Herr meets with Brenda to confirm that the above solution worked for her. With a wide smile on her face, Brenda thanks Jason and presents him with another request! Now, Brenda wants to learn how can she share a file with others that she has marked as private.
A solution for the above business requirement
Well, Brenda is lucky!! For, only File Owners and System Administrators can share private files with users! Furthermore, only the Owners and the Administrators can modify a file’s permission to either Viewer, Collaborator, or No Access.
Follow the steps below to teach Brenda how to meet her business requirement:
- Click on the Opportunity object and then on the Opportunity Name (In this scenario – Delta Air Lines).
- Clicks on the File you want to change the sharing settings (In this scenario – MoM 19th Oct).
- Click on Share, this will open a pop-up.
- Enter the name of the person with whom you want to share the file.
- Choose the file permission you want your audience to have.
- Click Save.
This is what we discussed in the initial process flow (Steps – 8, 9 & 10). After learning all these cool concepts, Jason was feeling great. But, he has one final question – how do we automate such processes? Let’s take one more business use case.
Business Use case IV
Jason Herr is a Solution Architect at GurukulOnCloud. He received the following requirement – When an Opportunity is marked as Closed Won, make sure the Account Owner has access to all the files on the opportunity even if it is marked as private on the record.
A solution for the above business requirement
Before proceeding ahead, understand the functionality of a ContentDocumentLink (It represents a link between a Salesforce CRM Content document or Salesforce file and where it’s shared) object in Salesforce.
| Field Name | Details |
| ContentDocumentId | The ID of the document. |
| LinkedEntityId | The ID of the linked object. Can include Chatter Users, Groups, records (any object that supports Chatter feed tracking including custom objects), and Salesforce CRM Content libraries. |
| ShareType | The permission granted to the user of the shared file in a library. |
As of Summer’22 release, you can’t start Salesforce Flow or Apex on ContentVersion, ContentDocument, or ContentDocumentLink object. The only solution is to use an Apex Trigger.
But our scenario is different and starts from the Opportunity object. In such a scenario, you can use Lightning Flow and automate it. You have to insert a record into the ConetntDocumentLink object, as shown in the following screenshot:
I will discuss a step-by-step solution to the above requirement in another Lightning Flow blog.
I hope, by now, you have a fair understanding of how you can control files access on records or open up the access.
Formative Assessment:
I want to hear from you!
What is one thing you learned from this post? How do you envision applying this new knowledge in the real world? Feel free to share in the comments below.
Proofreader: - Munira Majmundar
Hi Rakes
Thanks so much for the above post, really helpful. I am also really interested in the final step by step solution in flow for sharing access with a specific group of users as I have a scenario that is identical as listed above but is from the Contact object instead. Look forward to seeing what you come up with.
Hi automationchamp,
I would like to know if you already have a blog article of a step-by-step flow solution in the end for automating File access to the account owner?
My case scenario is almost the same, but in the end I don’t want to give all access on records but restrict it only to a specific team/group.
Not yet, I am still planning. Would you mind sharing your use case via email? rakesh at automationchampion dot com?