Sharing Records – unexpected behaviour

When a user shares a record with another user the sharing user specifies the permissions to share.

Consider this scenario:

a) User A is a member of one role only that gives him None – Delete access and Organization Level Read and Create Access on Accounts.

b) User B is a member of one role only that gives him User Level Delete access and Organization Level Read and Create access on Accounts.

c) User A may create and view accounts but not delete any and User B may create and view accounts but only delete the ones that he owns.

d) User A owns an Account, “ABC”. Neither User A nor User B can delete the ABC record but both users can view the account.

e)User A shares the account with User B and grants Read, Write and Delete.

f) The CRM application will allow User B to delete the account, “ABC”.

User A and User B have been able to acheive an outcome that neither of them could achieve separately. Although this may seem wrong, it is in accordance with the CRM security and sharing model. 

Leave a Comment

Your email address will not be published.