Salesforce allows you to control the data access at many different levels i.e. object-level, record-level and the field-level. Here we will focus on methods for controlling access to data at the record level.
In the most of the scenario you can use Out-of-box sharing settings to grant record access, but there are few use cases where you have to write an Apex Managed Sharing to share the records with users or groups.
Apex Managed Sharing allows you to use Apex Code to build sophisticated and dynamic sharing settings that aren’t otherwise possible. In this article, I will show you how can use Lightning Flow and Process Builder to solve these requirements instead of using Apex code. Let’s start with a business use case
Business Use case
Warren Mason is working as a System administrator at Universal Containers (UC). Currently, he is working on a project that is implementing audit management for Assets. For this he has created a custom object Audit (OWD: – private) and few custom fields as Shown in the following screenshot:
Now here the business requirement as soon as Auditor__c (Lookup of User object) field gets populated then auto share the audit record (Grant edit access) with the auditor.
A solution for the above business requirement
There are few solutions possible for the above business scenario. We will use Flow and Process Builder to solve the above business requirement.
Before proceeding you have to understand the sharing table in Salesforce. All objects that have a default sharing setting of either Private or Public Read Only also have a related Share object that is similar to an access control list (ACL) found on other platforms.
All share objects for custom objects are named as CustomObject__Share, where CustomObject__c is the name of the related custom object. A shared object includes records supporting all three types of sharing i.e. Force.com managed sharing, User managed sharing, and Apex managed sharing. Share object contains few fields those are following
- ParentId: – The Id of the record being shared. This field cannot be updated.
- UserOrGroupId: – The Id of the User to whom you are granting access.
- AccessLevel: – The level of access that the specified User or Group has been granted.
- RowCause (aka Sharing Reasons): – The reason why the user or group is being granted access.
First of all, we will create an Apex Sharing Reason. Each Apex sharing reason has a Label and a Name. The Label value is displayed in the Reason column when viewing the sharing for a record in the user interface. This allows users and administrators to understand the source of the sharing.
Follow the instructions below to solve the above business requirement:
- To create Apex Sharing Reasons click on Setup | Build | create | Objects | Audit then navigate to Apex Sharing Reasons related list and click on the New button. You can enter any words or phrase for Apex Sharing Reasons. You can create it from Salesforce Classic.
- The next step is to create a flow by navigating to Setup (Gear Icon) | Setup | PLATFORM TOOLS | Process Automation | Flow.
- Now click on the New Flow button; it will open the Lightning Flow Designer for you.
- Now create two text variables VarTAuditId and VarTAuditorId as Shown in the following screenshot:
- The next step is to create a record on the Audit_Share object to share the record with the auditor at the run time. For this drag-and-drop Record Create Element (Give the name Share audit record with Auditor) on the Flow Canvas and fill the details as shown in the following screenshot:
- In the end, Warren’s Flow will look like the following screenshot:
- Once you’re done, Save the flow and name it Share record with Auditor, with Type: Autoloaunched Flow. Do not forget to activate the Flow by clicking on the Activate button.
Launch a Flow from Process Builder
Our next task is to create a Process Builder on the Audit object to start a Flow. To create a Process Builder on the Audit object follow the instructions below:
- Navigate to Setup (Gear Icon) | Setup | Process Automation | Process Builder, to create a new process from scratch, click on the New Button available on Process Management page. A popup will appear where you have to enter the Name (Use Auto share record with Auditor as the name), API Name and Description as shown in the screenshot below:
- Once you are done, click on the Save button.
- Click on the Object node to add object and then select the Audit object. For the entry criteria, select when a record is created is edited, as shown in the screenshot below:
- Once you are done, click on the Save button.
- The next task is to add Process Criteria, so that process will only fire when the Auditor field is populated or updated ([Audit__c].Auditor__c Is null False). To do this click on Add Criteria, enter Name and Type of action, follow the instructions below:
- Once you are done, click on the Save button.
- Now we have to add an Immediate action into the Process to launch a flow so that it will auto share the audit record with Auditor. Click on Add Action (Under Immediate actions), Select the type of action (In our case Flow), and then fill the values into fields to define the action – as shown in the following screenshot:
- Once you are done, click on the Save button.
- In the end, your Process will look like the following screenshot:
- Do not forget to activate the Process by clicking on the Activate button.
It’s time to test the Flow!
Now onwards if a business user creates an audit record with auditor then Process Builder will automatically trigger and Launch the Flow then it will share the audit record with the auditor.
- Currently audit Dell PowerEdge Tower Servers doesn’t have an auditor, as shown in the following screenshot:
- Now update the audit record with the valid auditor, as shown in the following screenshot:
- To verify the outcome, click on the sharing button available on the record detail page and check out the sharing detail as shown in the following screenshot:
Note: – I am grateful to Resco.net and Taveza for sponsoring my blog.
