2
We, like many have a matrixed organisation such that:
Sales are organised into geographies (territories in CRM)
Products are organised into product lines and then lines of business.
We have a third demension of contracting entity, related to multiple legal entities, managed by finance.
The current security model only support one dimension - that of and then, separately access teams for sharing records.
The problem that needs solving is simple:
-Sales should have access to the records in their territory
-Product lines should have access to the records for their product line
-Finance should have access to the records for their contracting entity
In theory this could be achieved with access teams, by running automation workflows that add and remove members from teams as their user record is linked to the relevant territory, product line or contracting entity and share and unshare records from access teams as they are linked/delinked from the relevant entities. However this requires a lot of coding and maintenance.
Ideally a security role should allow an additional dynamic filters to be linked to each entity permission row (such as opportunity).
We have a lookup on opportunity to a custom "product line" entity
We have a lookup on the user to the same "product line" entity
So we could create a "product line user" security role with an additional filter where a field matches that of the user. This would only be applicable where there are parental relationships from both the entity (such as opportunity) and the user to the controlling entity (custom "product line" entity, in this case).
The dynamic filter should allow multiple controlling entities, and include equals and not-equals operators.
Sales are organised into geographies (territories in CRM)
Products are organised into product lines and then lines of business.
We have a third demension of contracting entity, related to multiple legal entities, managed by finance.
The current security model only support one dimension - that of and then, separately access teams for sharing records.
The problem that needs solving is simple:
-Sales should have access to the records in their territory
-Product lines should have access to the records for their product line
-Finance should have access to the records for their contracting entity
In theory this could be achieved with access teams, by running automation workflows that add and remove members from teams as their user record is linked to the relevant territory, product line or contracting entity and share and unshare records from access teams as they are linked/delinked from the relevant entities. However this requires a lot of coding and maintenance.
Ideally a security role should allow an additional dynamic filters to be linked to each entity permission row (such as opportunity).
We have a lookup on opportunity to a custom "product line" entity
We have a lookup on the user to the same "product line" entity
So we could create a "product line user" security role with an additional filter where a field matches that of the user. This would only be applicable where there are parental relationships from both the entity (such as opportunity) and the user to the controlling entity (custom "product line" entity, in this case).
The dynamic filter should allow multiple controlling entities, and include equals and not-equals operators.
STATUS DETAILS
Needs Votes