Restriction Rules

Restriction Rules are used when you want to prevent users from seeing specific object records downstream in a Master-Detail relationship. This is commonly setup in larger organizations who want to silo data and only allow certain users access to specific records. In this Article we will discuss how to use Restriction Rules on the Sales Appointment object to prevent Sales Rep user's from seeing each other's Appointments. You may want to use the Department field or the Division field on the User record, to silo which data the User can see. If you have two lines of business in the same Org (example: Plumbing and Electrical) you could use Division to differentiate between the two companies. In this example, we are differentiating the records based on Department, and only permitting Sales Department Users from seeing their own Appointments. 

The biggest difference between Restriction Rules and Sharing Rules is that a Sharing Rule requires the object to the Private to everyone (globally) whereas a Restriction Rule is more selective about which Users we are preventing from seeing the records. The privacy is not global but instead very strategic and may be only restricted to users in a specific Department or Division of the Company. Unlike the global Sharing Setting, the Restriction Rule would only impact the Users targeted in the Restriction Rule's User Criteria. 

If you are trying to prevent users from seeing data in a different location or territory, see also: Use Role Hierarchy for Location Sharing

Navigate to Setup > Object Manager > Sales Appointment

Navigate to Restriction Rules 

Click Create New Rule 

For the Rule Name, enter "Sales Rep 1" 

Enter a Description and be sure to select Is Active 

For the User Criteria, select the Department field, and choose an Operator of Equals string and enter the Value of the Department you want to Restrict (in this example: Sales). 

The User Criteria should look something like this: 

Next, you will need to set the Record Criteria for sharing. 

Select the Sales Rep 1 field with the arrow. 

Then select the User field.

Note this field references the User ID related to the Sales Rep 1 Staff record, click Choose 

Choose an operator of Equals then choose a Type of Current User, and in the Value select the User ID

This ensures that you are sharing Sales Rep 1's Appointments with the User ID related to the Sales Rep 1 Staff record. 

The Restriction Rule will look something like this when finished: 

Next, check the User records for the criteria conditions you have set. For my first example of Sales Rep 1 Restriction Rules I will need to look at the Department field on my User's records. 

If your List View does not have the Field you need to see, click Edit and add the field to the list view. 

In this example, we can see that 4 Users have the Department of "Sales" and therefore those Users should not be able to see the Sales Appointment record unless they are Sales Rep 1 on the Appointment. 

To test, make sure the Restriction Rules are Active and Login as one of the Sales Department Users:

Note: Be sure the User does not have an Admin Profile. Any Profile which has View All permissions on the Sales Appointment object WILL see all Sales Appointments, regardless of Restriction Rules.

Logged in as our Salesperson, navigate to the Sales Appointments Tab, select the All list view. 

Here you should see only the Sales Appointments which the logged in User is Sales Rep 1. 

Note: If you use a second Sales Rep on the Sales Appointment, see this article.