Skip to content

Salesforce Restriction Rules Explained

Salesforce Restriction Rules Explained.

1. What are Salesforce Restriction Rules?

Create Salesforce Restriction Rules

Salesforce Restriction Rules prevent users from accessing records the user has access to via org-wide defaults, sharing rules, and other sharing mechanisms. Restriction rules are available for custom objects, contracts, events, tasks, time sheets, and time sheet entries.

Restriction Rules can be configured through the Tooling or Metadata API. You can create up to two restriction rules per object in Enterprise and Developer Editions and up to five restriction rules per object in Performance and Unlimited Editions.

2. Where are Restriction Rules Available?

Restriction rules are available for custom objects, contracts, events, tasks, time sheets, and time sheet entries. Restriction rules are applied to the following Salesforce features:

  • List Views
  • Lookups
  • Related Lists
  • Reports
  • Search
  • SOQL
  • SOSL

3. Where do Restriction Rules fit in along with other Sharing Settings?

Before Restriction Rules Users get access to records based on your organization-wide defaults and other sharing mechanisms, such as sharing rules or enterprise territory management.

Before Restriction Rules
Image Courtesy: Restriction Rules Developer Guide

With Restriction Rules the data users were able to see earlier via your sharing setting is further scoped to only records matching the recordFilter.

Before Restriction Rules
Image Courtesy: Restriction Rules Developer Guide

4. Restriction Rules Considerations

  • Restriction rules support custom picklist values in user criteria. If you delete a custom picklist value used in a restriction rule, the rule no longer works as intended.
  • Create only one restriction rule per object per user. In other words, for a given object, only one restriction rule at most should have the userCriteria field evaluate to true for a given user.
  • Creating a restriction rule for an object doesn’t automatically restrict access to its child objects. To secure these child objects, you must use other sharing mechanisms.
  • Restriction rules aren’t applied for code executed in System Mode.
  • Restriction rules don’t apply to users with the View All Data and Modify All Data permissions.
  • supports these data types in the recordFilter and userCriteria fields:
    • boolean
    • date
    • dateTime
    • double
    • int
    • reference
    • string
    • time
    • single picklist (user criteria only)

6. Create a Salesforce Restriction Rule

  1. Setup -> Object Manager -> Custom Object Name -> Restriction Rules -> New Rule
  2. Enter Rule Name, Full Name and Description
  3. Select Is Active Checkbox
  4. Enter User Criteria – Please design your restriction rules so that only one active rule applies to a given user.
  5. Enter Record Criteria
  6. Click Save

7. Additional Resources

Restriction Rules offer another mechanism to restrict records based on business requirements. What are your thoughts on Salesforce Restriction Rules, please let us know in comments!


Please Leave a Comment

error: Content is protected !!