A customer recently asked for a way to let a user see only those Client master records for which that user has related Opportunities records. One reason this could be useful is to avoid exposing a business’s entire Client table to the sales force or other employees, while still allowing access to the data that is relevant and needed to perform the employee’s job.
I thought it could be interesting to share here a generic way to set permissions for a role so that it can view only Master records which have related Details records that are “connected” to the currently signed-in user.
There are at least two approaches. The one described here does not necessitate creating a field in the Details table, although a field will need to be created in the Master table.
1. Create a new Summary field in the Master table. See “Creating a Summary Field.”
Choose the option “The number of <Details> related to that <Master>”
Set the optional Matching Criteria to “Only summarize records where the following is true in <Detail>”:
[Some User-type field] “is the current user”
Click OK and choose a name for the new summary field > OK.
2. Create a custom access rule for the Role and the Master table. See “Creating a Custom Access Rule.”
From menu Customize > Roles > select a Role > scroll to the <Master> table:
View Records > “Custom Rule” > edit > pick the summary field created above > “is greater than” > “0” > Accept Rule
Possible examples of application:
Allowing a user to view only those project records which have one or more tasks with the [Assigned To] field value set to that signed-in current user. Or, allowing a user to view only those contact master records which have one or more activities assigned to that user.
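The rule from steps 1 and 2, modeled in Python for the project/task case above so the resulting visibility can be checked per user. This is an added illustration, not Quickbase code or part of the original post; the table contents, user names and function names are constructed.

```python
from collections import defaultdict

# Constructed sample data: Master = projects, Details = tasks carrying an
# [Assigned To] user field. All ids and names are hypothetical.
PROJECTS = {1: "Website redesign", 2: "Data migration", 3: "Audit prep"}
TASKS = [
    {"id": 10, "project": 1, "assigned_to": "alice"},
    {"id": 11, "project": 1, "assigned_to": "bob"},
    {"id": 12, "project": 2, "assigned_to": "bob"},
    {"id": 13, "project": 3, "assigned_to": None},  # unassigned task
]


def summary_count(master_id, current_user, details=TASKS):
    """Step 1: count Details related to the Master whose user field
    'is the current user'. The value differs per signed-in user."""
    if current_user is None:
        # In this model an anonymous viewer must never match unassigned rows.
        return 0
    return sum(
        1 for d in details
        if d["project"] == master_id and d["assigned_to"] == current_user
    )


def visible_masters(current_user, masters=PROJECTS, details=TASKS):
    """Step 2: custom rule 'summary field is greater than 0'."""
    return sorted(
        m for m in masters if summary_count(m, current_user, details) > 0
    )


def exposure_report(users, masters=PROJECTS, details=TASKS):
    """Map every Master record to the users allowed to view it, so the
    effect of the rule can be reviewed before the role is rolled out."""
    report = defaultdict(list)
    for user in users:
        for m in visible_masters(user, masters, details):
            report[m].append(user)
    return {m: report.get(m, []) for m in masters}


if __name__ == "__main__":
    for master, viewers in exposure_report(["alice", "bob", "carol"]).items():
        print(PROJECTS[master], "->", viewers or "no one in this role")
```

A Master whose only Details are unassigned (project 3 here) is visible to no one in the role, which is worth checking for before switching a role over to the custom rule.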
For more details see the KnowledgeBase article: “How can I set Permissions for a Role to be able to view only Master records which have related Details records that are ‘connected’ to me?”