Activity Forums Salesforce® Discussions What is the use of writing sharing rules? Can you use sharing rules to restrict data access?

  • Avnish Yadav

    August 24, 2018 at 1:59 pm

    Hi Prachi,

    Top 50 Salesforce Interview Questions And Answers
    This list of Salesforce interview questions is divided into 9 sections, each for different aspects of Salesforce. #8 has answer to your question.

    Salesforce fundamentals
    Declarative features
    Audit & reporting features
    Data modeling and data management
    Logic & process automation
    Software testing
    Debug & deployment tools
    Integration features
    Programmatic features

    A. Salesforce Fundamentals – Salesforce Interview Questions
    1. Can two users have the same profile? Can two profiles be assigned to the same user?
    Profiles determine the level of access a user can have in a Salesforce org.

    As far as the first part of the question is concerned, Yes. One profile can be assigned to any number of users. Take the example of a Sales or Service team in a company. The entire team will be assigned the same profile. The admin can create one profile: Sales Profile, which will have access to the Leads, Opportunities, Campaigns, Contacts and other objects deemed necessary by the company.

    In this way, many users can be assigned the same profile. In case the team lead or manager need access to additional records/ objects then it can be done by assigning permission sets only for those users.

    Answering the second part of the question, each user can only be assigned 1 profile.

    2. What are Governor Limits in Salesforce?
    In Salesforce, it is the Governor Limits which controls how much data or how many records you can store in the shared databases. Why? Because Salesforce is based on the concept of multi-tenant architecture. In simpler words, Salesforce uses a single database to store the data of multiple clients/ customers. The below image will help you relate to this concept.
    To make sure no single client monopolizes the shared resources, Salesforce introduced the concept of Governor Limits which is strictly enforced by the Apex run-time engine.

    Governor Limits are a Salesforce developer’s biggest challenge. That is because if the Apex code ever exceeds the limit, the expected governor issues a run-time exception that cannot be handled. Hence as a Salesforce developer, you have to be very careful while developing your application.

    Different Governor Limits in Salesforce are:

    Per-Transaction Apex Limits Platform Apex Limits
    Static Apex Limits
    Size-Specific Apex Limits
    Miscellaneous Apex Limits
    Email Limits
    Push Notification Limits

    3. What is a sandbox org? What are the different types of sandboxes in Salesforce?
    A sandbox is a copy of the production environment/ org, used for testing and development purposes. It’s useful because it allows development on Apex programming without disturbing the production environment.

    When can you use it?
    You can use it when you want to test a newly developed application or Visualforce page. You can develop and test it in the Sandbox org instead of doing it directly in production.

    This way, you can develop the application without any hassle and then migrate the metadata and data (if applicable) to the production environment. Doing this in a non-production environment allows developers to freely test and experiment applications end to end.

    Types of Sandboxes are:

    Developer Pro
    Partial Copy

    4. Can you edit an apex trigger/ apex class in production environment? Can you edit a Visualforce page in production environment?
    No, it is not possible to edit apex classes and triggers directly in production environment.

    It needs to be done first in Developer edition or testing org or in Sandbox org. Then, to deploy it in production, a user with Author Apex permission must deploy the triggers and classes using deployment tools.

    However, Visualforce pages can be created and edited in both sandbox and in production.

    Only if the page has to do something unique (different values), it would have to be developed via Sandbox.

    5. What are the different data types that a standard field record name can have?
    A standard field record name can have data type of either auto number or text field with a limit of 80 chars.

    For generating auto numbers, the format needs to be specified while defining the field and after that for every record that is added, the number will get auto generated. For example:-
    Sr No-{1}
    Sr No-{2}
    Sr No-{3}

    6. Why are Visualforce pages served from a different domain?
    Visualforce pages are served from a different domain to improve security standards and block cross-site scripting. Take a look at the highlighted portion in the below Visualforce page:-

    B. Declarative Features – Salesforce Interview Questions

    7. What is WhoId and WhatId in activities?
    WhoID refers to people. Typically: contacts or leads. Example: LeadID, ContactID

    WhatID refers to objects. Example: AccountID, OpportunityID

    8. What is the use of writing sharing rules? Can you use sharing rules to restrict data access?
    Sharing rules are written to give edit access (public read and write) or public read-only access to certain individuals in Salesforce Org. A classic example is when:- only your managers or superiors need to be given extra credentials to your records in objects as compared to your peers.

    By default, all users in your organization will have organization-wide-default sharing settings of either Public Read Only or Private.
    To give access to more records, which users do not own, we write sharing rules.
    Example: Sharing rules are used to extend sharing access to users in public groups or roles. Hence, sharing rules are not as strict as organization-wide default settings. They allow greater access for those users


  • shariq

    September 21, 2018 at 12:34 am


    Sharing enables record-level access control for all custom objects, as well as many standard objects (such as Account, Contact, Opportunity and Case). Administrators first set an object’s organization-wide default sharing access level, and then grant additional access based on record ownership, the role hierarchy, sharing rules, and manual sharing. Developers can then use Apex managed sharing to grant additional access programmatically with Apex. Most sharing for a record is maintained in a related sharing object, similar to an access control list (ACL) found in other platforms.

    Hope this helps.

  • Parul

    September 21, 2018 at 4:46 am

    Adding more points:

    Sharing rules to extend sharingaccess to users in public groups or roles. As with role hierarchies, sharing rules can never be stricter than your org-wide default settings. They just allow greater access for particular users. You can share records owned by certain users or meeting certain criteria.


Log In to reply.

Popular Salesforce Blogs

Popular Salesforce Videos