 Hello friends. I'm Sanjay Gupta. I welcome you on Sanjay Gupta Tech School. In this video, I'm going to demonstrate how you can implement report level security and how you can open up like how you can share your reports with other users. So before starting, if you want to watch more Salesforce training videos, you can go to description of this video and you will find links of various playlist related to Salesforce. So you can follow them as well. So now first let's understand this statement that is written in front of you. So you can restrict access to records for users, even if user has object level permission. So if a particular user is having object permission, still you can restrict like that user won't be able to access the reports. So for example, a user can view his own reports but not others. So you can do this. So you can manage record level access in following ways. So first you need to implement organization by default. So this we use to restrict a report level access. Then if you want to open up a report level permissions, then you can use role hierarchy sharing rule for manual sharing. So first we are going to apply organization by default. So it specifies the default level of access of records or quite sharing setting locked down the data of the most restrictive level. So here you have three access levels, private public read only and public read write. Then you can use other record level security and sharing tools to open up the sharing of reports. So now I am going to demonstrate like how you can implement this organization by default. So in this browser I'm logged in with system admin user. So here you can see the name of the user Sanjay Gupta. So let me search users. So here you can see this is the user's full name and profiling system admin. And in another browser. So this is another browser and here I'm going to log in with this user because Gupta and this user's profile is my user profile. So I'm going to log in with this user. So now in system admin, if we go to account tab and if I select all accounts. So here you can see all the accounts reports are available and account owner is as Gupta. And at the bottom you will see two reports. Those are related to the cost. Now if I move to the cost Gupta user and open account records, all accounts. So here you can see I'm able to see both Sanjay Gupta account records and because now I'm going to apply record level security. So a system admin can view all the records even after you apply security model. So, but this because Gupta user won't be able to view all the records because this user is not a system admin. So now on system admin user, I'm going to search sharing settings. So you need to log in as a system admin. Then you can search for sharing settings and here you can see organization white defaults are available. So you need to click on edit. Now here you can see all the objects are available and their default internet access default external access and grant access using hierarchy these three options are available. Right. And it is showing all custom as well as standard objects. So now I'm going to change default internal access for this account object. So here you can see the options are available private public read only in public read. So I'm going to select private so that account records won't be available for all the users so each user can view their own account records. So the records that are owned by a particular user, they will be visible to the user, not all the records. Now I'm going to save this. So here you can see one or more sharing operations has been initiated. See below for additional details, certain operations may not be available. So it takes some time to apply this. So here you can see account opportunity and case sharing rules are depression because these all are related to account objects. So they are also getting refreshed. And once it is applied so an email will be sent by the Salesforce like this sharing or white sharing is applied or complete process is completed. So here you can see your request to change your organization white white sharing defaults has completed. Now you can do a refresh so that you can see the changes. So now this page is being refreshed. So now you will see account sharing model will be private. So here you can see now it is private. So if I move here and I refresh. So right now I am on system admin user browser. So I'm refreshing the page, clicking on accounts tab, selecting all accounts. And here you can see I am able to see Sanjay Gupta as well as Vikas Gupta's reports. Now I'm moving to another browser where I'm logged in as Vikas Gupta. So I'm refreshing this. So here you will see Vikas Gupta user can only able to view their own records only. So I am on all accounts and only two records are visible here. Sanjay Gupta owner records are not visible here. So this way record label security is implemented and user is able to view their own reports only. They are not able to see records of another user, right? So this way our first step is completed like we successfully implemented organization white defaults. So here you saw we have three options. So right now we opted private. If we select public read only. So in that case reports will be visible, but they will be visible in read only. It means you can view the records, but you won't be able to add it up. Record details, right? So if you choose this and click on save, so this will be applied. So right now I'm not applying this. So I'm leaving it as it is. So it is private. So I hope you understood this thing. So this is completed. Now I'm moving to this. So now we restricted record level access. Now we are going to open up that like we can how we can share records. Those are not accessible by a particular user. So for that we can apply first thing that is role hierarchy. So it gives access for users higher in the hierarchy that user can access all records owned by the users below them in the hierarchy. Each role in the hierarchy should represent a level of data access that user or user needs. So for this we need to implement role hierarchy so that records can be shared. And also focus on this. So here you can see grant access using hierarchies. If this checkbox is checked then only that role hierarchy will work for a particular object otherwise not. So for account it is checked. It means if we apply role hierarchy thing. So accounts report will be shared. Right. So now I'm going to apply that. So I'm going to duplicate this tab. So in setup we find we can search for roles. So here is the option. You need to choose this. Click on setup roles. So here you can set up the roles. So if you click on this plus. So these are the default roles. Those are available so you can click on expand all. So all the roles will be expanded. If you click on collapse all. So all will be collapsed. So I'm clicking on expand all and here various roles are available. Right. So top most role is CEO then under that CEO we have CFO CEO SVP customer service and support and other roles. So now what I'm going to do, I'm going to assign Sanjay Gupta user as a CFO role and because book as CEO so because we'll be on top of Sanjay Gupta. So it means because can have access to the reports owned by Sanjay. Right. So this way you can share reports of a particular user with a particular. So here I'm clicking on assign and I'm clicking Sanjay as a user and I'm clicking on save. Then for CEO role, I'm going to assign because as a user. And remember that one user can be assigned to only one role. So both are assigned here. Now I'm moving to the browser where I'm logged in as because. So now when I refresh this browser or page, so you will see because will be having access to his own records as well as Sanjay's reports. So you can see here, all the records which are owned by Sanjay are accessible by because and because is having their his own records. This is because we implemented sharing order. Right. So C or white defaults are private default internet and internal accesses private still because can access reports of Sanjay because we implemented role hierarchy. And if we uncheck this checkbox, then that role hierarchy won't work. So I'm clicking on edit. So here you can see for these standard objects, we won't be able to modify these, but if you go at the bottom. So for custom objects, we can deselect these options. So if we deselect the option, so we won't work for particular. Right. So this way you can manage this thing. So I'm clicking on cancel now. So this way I hope you understood how we can implement role hierarchies so that we can share the restricted reports with a particular user that is above a particular user in role. Now, if two users don't share role hierarchy, and still you want to share reports so that you can do with the help of sharing rules. Right. So, let's say two persons are two persons or two users are working in an organization, and they are on same level or same position. So they don't share any role hierarchy between them. So in that case, you can use the sharing rule. So these are exceptions to all white defaults. Through sharing rules, you can share reports to a group of users so that they can get access to the reports they don't own or can't manually. Right. So now I'm going to show you how you can apply that. So first I'm going to remove, sorry, I clicked on cancel, I just need to click on save. So I'm removing these users from the role hierarchy, so that I can show you how sharing rule works. So now I remove both the users from the role hierarchy and if I move here, if I refresh this, so again, you will see only two reports those belongs to the class only. So we are on all accounts list here and only two reports are available because we remove the users from the role hierarchy. Now I'm going to tell you how you can apply sharing rules. So OWD is private. Now we want to share the reports owned by Sanjay to the class. So for that, you can apply sharing rules. So those are available at the bottom of this OWD. So we need to implement account sharing rule. So you need to click on new button that is available here. So here you can apply label, rule name. So share account reports, you can put the description as per the requirement and select your rule type based on record order, based on criteria. So if you want to apply some predator criteria, you can apply that as well. And if you want to share the records based on record order, so you can choose first option, then select which reports to be shared. So accounts owned by member of. So here in step number three, you need to select which reports to be shared. So here you can see the options are available, public groups, roles, roles and subordinates. So if you click on public groups and if you have any public group then you can select. So the users which are in that public group, their reports will be shared. I am right now selecting all internal users. If I select roles, so I need to select a particular role. So user that is associated with that particular role, their reports will be shared. And if you select roles and subordinates, so this roles and subordinates. So let's say if I select CEO, so CEO and their subordinates reports will be shared. Right. So I am selecting public group, all internal users. Now select the users to share it. So with whom you want to share. So again, three options are available. So you can choose accordingly. So I'm selecting public group, all internal users. So records of all users will be shared with record with all users in the org. Right. So this you can select as per the requirements. So for demonstration purpose, I am selecting all internal users at both the places. Then select the level of access for the users. So again, we have two options, read only, read right. Then this is for account and contracts. Then opportunity and cases are linked with accounts. So for them, you can select these options as well because opportunity and cases are controlled by parents. So you can choose them as well. So right now I'm choosing read and write. So account reports of users will be shared with other users in the right form. And now I'm clicking on save. Okay. So here you can see this account sharing rule is implemented. So earlier I was able to access only because records because because of the order of these reports. Now I'm going to refresh the page and you will see because we'll be able to access the reports of other users as well. So you can see Sanjay Gupta records are available with the owner of the reports for account and because reports are also visible. Right. So this way, the sharing rules works. Right. So I hope you understood this thing as well. So this was about sharing now to open up report sharing third option is manual sharing. So it allows owners of particular reports to share them with another users manual sharing is not automated like or by defaults though hierarchy or sharing. It can be useful in some situations where you mentally want to share a report with another. Right. So if you want to share a particular record with a particular user, then this will be beneficial. So to apply manual sharing, you need to click on edit. And if you scroll down, so you will see this option, manual user record sharing. And if you see this help text, it says if enabled user can share their own user records. So you can share their records with other users. So I am checking this check boxes to clicking on save. So that is enabled. Now, I am removing this sharing rule. So I'm deleting this. Now refreshing the space for because the lockdown user. So again, you will see because only two records will be able to do because sharing rule is deleted. Through system admin user, I'm going to share manually a particular record. So right now because is seeing two records, but after manual sharing, I'm going to share one particular record so because will be able to do one more report that is owned by Sanjay. So now after enabling that option that is manual sharing. So currently that manual sharing button is not available in lightning. So we need to switch to classic so that we can view that button. So now I'm opening account. So here you can see the sharing button is available. So you can click on this button. And here you can see right now the owner is available here. So it is asking for adding another user so that this report will be shared. So here we have various options like with whom you want to share this report. So we have public group roles roles and subordinates and users. So I am selecting particular user that is the cost. And again, you can see account access to options. You can select any one related opportunity for options and related case record options are available. So you can choose them as per the requirement. So right now I'm choosing the user only and account access will be read right and I'm clicking on save. So now you can see this particular record account test account record is shared with two people. One is the owner of the record. Here you can see reason owner and here you can see reason manual sharing. And account access, opportunity access, case access are also listed here. So now if I move to Vikas browser where I'm logged in as Vikas Gupta. So here you will see three records. So two records are related to Vikas and one record is related to Sanjay. So this way manual sharing works. But for this you need to switch to classic because enlightening this button is not available. So you can do this in that way. So this way I explained you how you can restrict record level access to OWD and how you can open up record level sharing with rule hierarchies, sharing rules and manual sharing. So I hope with this video now you will be able to understand record level security in Salesforce properly. If you want to watch like how we can implement all level security, object level security and free level security. So in the description of this video, you will find link of a playlist that is data security in Salesforce. So open that playlist link and you will find all the related videos in that playlist. So thank you for watching this video.