ObjectOSConfigurePermissions
Record Access
Control which records a user can see or modify.
Record Access
Record access controls which rows a user can see or modify after object permissions allow the operation.
Mechanisms
| Mechanism | Purpose |
|---|---|
| Row-level security | Enforce tenant or organization isolation |
| Sharing rules | Grant access based on declarative criteria |
| Record shares | Grant access to a specific user, role, or group |
| Ownership/hierarchy | Grant access through owner or manager structure |
Default tenant isolation
The security plugin enforces tenant isolation through the current user's context. For standard platform objects, default rules protect global tables that do not carry the normal organization field.
The practical customer expectation is:
Users only see records that belong to their organization or records
explicitly shared with them.Sharing rules
Use sharing rules for repeatable business policies:
- all regional managers can read accounts in their region;
- support managers can see escalated cases;
- finance can read approved invoices;
- auditors can read records tagged for audit review.
Record shares
Use record shares for exceptions:
- share one opportunity with a specialist;
- grant temporary access during an escalation;
- give an external integration access to a specific record.
Troubleshooting visibility
When a user cannot see a record, check in this order:
- Is the user authenticated and in the expected organization?
- Does the user have object
readpermission? - Does row-level security allow the record?
- Is there a sharing rule that should apply?
- Is there a direct record share?
- Is the record owned by a user or role in the expected hierarchy?
- Is the user looking at the correct project/hostname?