Salesforce restriction rules
Salesforce restriction rules

Restriction Rules in Salesforce with Example

Restriction Rules in Salesforce

In this article let’s try to understand the use of restriction rule in Salesforce and what are the limitations of it. Restriction rules improve security by allowing specific users to access only specific records. They can prevent users from accessing records containing sensitive data or information that isn’t required for their job. Restriction rules are available for custom objects, external objects, contracts, events, tasks, time sheets, and timesheet entries. They can be configured in the Object Manager or via the Tooling or Metadata API.

Salesforce restriction rule
Salesforce restriction rule

When a restriction rule is applied to use, the records that the user is granted access to through org-wide defaults, sharing rules, and other sharing mechanisms are filtered by the criteria that you specify. Users, for example, see only records that meet the restriction rule’s criteria when they navigate to the Today’s Tasks tab or a list view for activities. If a user has a link to a record that is no longer accessible as a result of a restriction rule, the user receives an error message.

Keep in mind:

  • Review these considerations before creating a restriction rule on an external object.
  • External object restriction rules do not include organization-wide defaults or sharing mechanisms.
  • Restriction rules are supported only by Salesforce Connect external objects: OData 2.0, OData 4.0, and Cross-Org adapters.
  • When a rule is applied to a user, external objects created with the Cross-Org adapter do not support search or SOSL. Salesforce provides search results for the most recently viewed records.
  • It is recommended to disable search for external objects.
  • External objects created with the Salesforce Connect custom adapter are incompatible.

When Should I Apply Restriction Rules?

When you want specific users to see only a subset of records, use restriction rules. Restriction rules can control access to records containing sensitive or confidential information. Because it can be difficult to make access to contracts, tasks, and events truly private using organization-wide defaults, restriction rules are the best way to configure this visibility.

For example, you may have competing sales teams that cannot see each other’s activities, even if they are on the same account. You can use restriction rules to ensure sales teams see only relevant activities. Alternatively, if you provide confidential services to multiple people, use restriction rules so that only team members who support these people can see related tasks.

Configure the rules so that only one active rule applies to a given user when creating multiple restrictions or scoping rules. Salesforce does not validate that a user has only one active rule. Only one of the active rules is observed if you create two active rules and both rules apply to the same user.

We recommend turning off Salesforce Classic for Your Organization before creating restriction rules. Salesforce cannot guarantee that restriction rules will function properly for end users using Salesforce Classic.

What Effect Do Restriction Rules Have on Other Sharing Options?

Users are granted access to records based on your organization’s global defaults and other sharing mechanisms, such as sharing rules or enterprise territory management.

When you apply a restriction rule to a user, the data they had read access to via your sharing settings is further scoped to only records matching the record filter. This behavior is similar to filtering results in a list view or report, but it is permanent. The number of records visible to the user can vary greatly depending on the record filter value.

Salesforce restriction rule
Salesforce restriction rule

How Do I Set Up Restriction Rules?

By navigating to a supported object in the Object Manager or using the Tooling API or Metadata API, you can create and manage restriction rules. In the Enterprise and Developer Editions, you can create up to two active restriction rules per object. In Performance and Unlimited Editions, you can create up to five active restriction rules per object.

Where Restriction Rules are available?

Custom objects, external objects, contracts, events, tasks, time sheets, and timesheet entries all have restriction rules. Salesforce’s following features are subject to restriction rules:

  • List Views
  • Lookups
  • Related Lists
  • Reports
  • Search
  • SOQL
  • SOSL


Allow Users to See Only Specified Record Type

This restriction rule allows the designated users to see only the records that have a specified record type.

User Criteria User | Role ID [$User].UserRoleId Equals ID 00Exxxxxxxxxxxx
Record Criteria Object | Object Record Type ID | Name [Object].RecordType.Name Equals String Sample Record Type Name

Allow Users to See Only Records That They Own

This restriction rule allows users with the designated profile to see only the tasks that they own.

User Criteria User | Profile ID [$User].ProfileId Equals ID 00exxxxxxxxxxxx
Record Criteria Task | Assigned To ID (User)User ID [Task].Owner:User.Id Equals Current User $User.Id


You May Also like:

Check Also

Salesforce Reports Strong First Quarter Results for Fiscal 2024

Salesforce Reports Strong First Quarter Results for Fiscal 2024

Salesforce, the leading provider of customer relationship management (CRM) solutions, has announced its financial results …

Leave a Reply

Your email address will not be published. Required fields are marked *