Have you ever wanted to restrict certain records from users and bypass org-wide defaults? You can with Restriction Rules.

Salesforce Restriction Rules are a feature in Salesforce that allows administrators to restrict access to specific data, fields, or functionalities in the platform based on specific criteria or conditions. For example, restriction rules can control access to data, fields, or functions based on a user’s profile, role, or other criteria, such as the data’s ownership or sharing settings.

Restriction Rules provide additional security to your organization by limiting access to records to a selected group of users. With this, you can prevent users from viewing records containing sensitive data or unnecessary information.

Different Types of Salesforce Restriction Rules

  • Record-Level Restrictions: These rules restrict access to specific records based on criteria such as the record’s ownership, sharing settings, or custom fields.
  • Field-Level Restrictions: These rules restrict access to specific fields on records, such as hiding or making them read-only.
  • Object-Level Restrictions: These rules restrict access to specific objects, such as hiding them from the navigation menu or making them read-only.
  • Tab-Level Restrictions: These rules restrict access to specific tabs, such as hiding them from the navigation menu.
  • Function-Level Restrictions: These rules restrict access to specific functions such as mass actions, record merge, or other functions.

Restriction rules can help ensure that sensitive data is accessible only to authorized users, and they can help enforce compliance with regulations or internal policies. However, these rules can be complex to set up and maintain. Therefore, it’s a good idea to test them before applying them to the production environment to avoid unintended consequences.

When a restriction rule is applied to a user, the specified criteria filter the records to which the user is granted access via org-wide defaults, sharing practices, and other sharing mechanisms. For example, users who navigate to the Today’s Tasks tab or a list view for activities see only the records meeting the restriction rule’s criteria. If a user has a link to a record that is no longer accessible after applying a restriction rule, the user sees an error message.

Objects That Support Salesforce Restriction Rules

  • Custom Objects
  • Contracts
  • Events
  • Tasks
  • Time Sheets
  • Time Sheet Entries

Where Are Salesforce Restriction Rules Applied?

  • List Views
  • Lookups
  • Related Lists
  • Reports
  • Search
  • SOQL
  • SOSL

Limitations of Salesforce Restriction Rules

  • Enterprise and Developer editions allow two rules per object
  • Performance and Unlimited editions allow five rules per object
  • Criteria are limited to the Equals operator and do not support formula fields
  • NOT currently available for some commonly used standard objects like Accounts, Contacts, Opportunities, and Cases.
  • Restricting access to these objects would require more conventional Salesforce security like Roles, Profiles, Permissions, and Field Level Security.
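
The limits above can be checked before a rule set is deployed to a sandbox. The following Python sketch is an added example, not Salesforce code: the rule dictionary layout, the make_rule() helper, and the object API names (Contract, Event, Task, TimeSheet, TimeSheetEntry, and the __c / __x suffixes) are assumptions made for illustration.

```python
# Added example: lint planned restriction rules against the limits listed above.
# The rule dict layout and make_rule() helper are hypothetical, not a Salesforce API.
from collections import Counter

RULES_PER_OBJECT = {"Enterprise": 2, "Developer": 2, "Performance": 5, "Unlimited": 5}
# Assumed API names for the supported standard objects in the list above.
SUPPORTED_STANDARD = {"Contract", "Event", "Task", "TimeSheet", "TimeSheetEntry"}


def supports_rules(obj):
    # Custom objects end in __c; external objects (__x) pass here, but their
    # adapter type still has to be checked by hand.
    return obj.endswith(("__c", "__x")) or obj in SUPPORTED_STANDARD


def make_rule(name, obj, record_op="equals", formula_field=False):
    return {"name": name, "object": obj,
            "user_criteria": {"field": "Profile", "operator": "equals"},
            "record_criteria": {"field": "Status__c", "operator": record_op,
                                "formula_field": formula_field}}


def lint_rules(rules, edition):
    """Return sorted findings; an empty list means the rule set fits the limits."""
    findings = []
    limit = RULES_PER_OBJECT[edition]
    for obj, count in Counter(r["object"] for r in rules).items():
        if not supports_rules(obj):
            findings.append(f"{obj}: object does not support restriction rules")
        elif count > limit:
            findings.append(f"{obj}: {count} rules exceeds {edition} limit of {limit}")
    for r in rules:
        for kind in ("user_criteria", "record_criteria"):
            crit = r[kind]
            if crit["operator"] != "equals":
                findings.append(f"{r['name']}: {kind} uses '{crit['operator']}', only equals is allowed")
            if crit.get("formula_field"):
                findings.append(f"{r['name']}: {kind} uses formula field {crit['field']}")
    return sorted(findings)


# Constructed sample rule set, not taken from a real org.
SAMPLE_RULES = [
    make_rule("OwnTasks", "Task"), make_rule("OpenTasks", "Task"),
    make_rule("TeamTasks", "Task"), make_rule("HideAccounts", "Account"),
    make_rule("InvoiceRegion", "Invoice__c", record_op="contains"),
]

if __name__ == "__main__":
    for finding in lint_rules(SAMPLE_RULES, "Enterprise"):
        print(finding)
```

Run against the Enterprise limit, the sample set reports the unsupported Account object, the non-Equals criterion, and the third Task rule; the same set under Unlimited drops the Task finding.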

How To Set Up Salesforce Restriction Rules

1. Go to Setup

2. Click on Object Manager

3. Click on the object for which you want to create a Restriction Rule

4. Click on Restriction Rule

5. Click Create New Rule

6. Enter the Name and add the criteria

7. Click on Save

NOTE: Before setting up a restriction rule on an external object, review these considerations.

  • Restriction rules for external objects don’t include organization-wide defaults or sharing mechanisms.
  • Only external objects created using the Salesforce Connect: OData 2.0, OData 4.0, and Cross-Org adapters support restriction rules.
  • External objects created using the Cross-Org adapter don’t support search or SOSL when a rule is applied to a user.
  • Salesforce returns only search results that match the most recently viewed records.
  • Disabling search on external objects is recommended.
  • External objects created using the Salesforce Connect: Custom Adapter aren’t supported.
  • Be sure to test using a sandbox thoroughly before making these rules live in production.

Additional Salesforce Restriction Rule Considerations

Review additional Restriction Rule considerations on the Salesforce Help page.
