**Note: This content is intended for system administrators and is technical in nature**
With Practifi, your firm has control over which users can view which objects and records on the platform. The sharing tools in Practifi give your firm the flexibility to take a permissive or restrictive approach. Organization-wide settings establish the foundation, defining the base level of access for various objects. Administrators then can layer on sharing rules and Sharing Scope to fine-tune who in the organization has access to what. This article provides an overview of the available functionality, as well as best practices for setting up sharing.
Please note: To ensure the best outcome, we recommend working with your Implementation Consultant or Client Success Manager when setting up sharing in your Practifi organization.
- Organization-Wide Settings
- Sharing Rules
- Sharing Scope
- Public Groups
- Use Case: Sharing within a Division
The Sharing Settings page in Salesforce Setup displays organization-wide sharing settings for Practifi objects. These settings specify the baseline level of internal and external access in the absence of any sharing rules. Each object in Practifi has options for Default Internal Access and Default External Access:
- Public Read/Write: All users can see and change all records. This is the default level of internal access for an object. Use this setting for objects if you’re not concerned with them being shared across the organization.
- Public Read Only: Everyone can see everything, but they cannot change records that they do not own or for which a sharing rule has granted them write access. Use this where clients want everyone to have visibility into other parts of their business but where only certain groups can be permitted to change records.
- Private: Only the owner of the record has access. Sharing rules can be configured to provide access to other users, and this can be either read-only or read/write. Use this to tightly control who can see or write to records.
The Contact and Activity standard objects have an additional setting:
- Controlled by Parent: The sharing of this record is the same as its parent. For example, if a task is related to a client, its visibility will be the same as the client it’s related to.
The Calendar object has its own set of options:
- Hide Details: Others can see whether the user is available at given times but can’t see any other information about the nature of events in the user’s calendar.
- Hide Details and Add Events: In addition to the sharing levels set by Hide Details, users can insert events in other users’ calendars.
- Show Details: Users can see detailed information about events in other users’ calendars.
- Show Details and Add Events: In addition to the sharing levels set by Show Details, users can insert events in other users’ calendars.
Please note: We recommend setting the organization-wide default to the lowest level required for any use case your firm needs, e.g. if you want Services to be private for any users, the organization-wide default setting must be Private.
Sharing rules represent the exceptions to your organization-wide default settings. They allow you to extend record access to users regardless of their place in the role hierarchy. If you have organization-wide sharing defaults of Public Read Only or Private, you can define rules that give additional users access to records they don’t own.
Sharing is an additive process, i.e. you are always granting users more access than they currently have and there isn’t a way to remove access to a record that a user would otherwise see.
There are two types of sharing rules:
- Based on Record Owner: Records are shared based on the user that owns the record, either via Public Groups or the Role hierarchy.
- Based on Criteria: Records to be shared are identified by rules that reference fields that exist on the record in question.
Please note: Due to Practifi’s expanded object model and hierarchy, it can be challenging to create sharing rules across the many types of records that could be associated with an Entity, such as Assets, Financial Plans, Relationships, Processes, etc. The Sharing Scope feature is intended to make it easier to create criteria-based sharing rules at scale.
To facilitate the configuration of sharing rules, Practifi provides a utility called Sharing Scope. In its simplest form, this is a special field that exists on each object within our object model that is automatically populated as records are created and related to each other based on the Practifi object hierarchy.
Sharing Scope populates a text field on an Entity record and copies that value to all the child records under that Entity, making it much easier to set up criteria-based sharing rules on those child objects by referencing the Sharing Scope.
Trigger Settings for Sharing Scope
There are two custom settings for Sharing Scope in Practifi Trigger Settings: Copy Division Sharing Scope and Copy Entity Sharing Scope. Enabling these settings allows the Sharing Scope defined at the Division or Entity level to underlying records.
Here's how Sharing Scope is handled for these triggers:
Copy Division Sharing Scope: Turning on this trigger allows the Sharing Scope for a division to be copied to child records. Currently, the Account and PersonAccount objects are included.
Copy Entity Sharing Scope: Turning on this trigger will copy the Sharing Scope field from parent accounts to their child accounts. For example, an Asset is a child record of a Client. When an Asset is associated with a Client, the triggers copy the Sharing Scope from the Client record onto the Asset record. This way, whatever the Sharing Scope is for the client will also be the Sharing Scope of their related assets. The Copy Entity Sharing Scope trigger setting impacts the following objects:
- Asset Allocation
- Asset/Liability Role
- Contact/ PersonAccount
- Financial Product
- Income/Expense Role
- Noticeboard Post
- Objective Relation
- Policy Coverage
- Policy Coverage Role
- Policy Role
- Reference Document
- Retirement Income
- Team Member
Used in conjunction with sharing rules, Public Groups are used to set record visibility based on a user’s membership in a group. When creating sharing rules in Salesforce Setup, Public Groups are an option for selecting which users to share records with.
As detailed in the use case below, an organization can have Public Groups that correspond to its Divisions, allowing Entity records to be shared with all users in the same Division. While this is a common use case, Public Groups can also be used outside of the Division setup to grant access to specific subsets of users based on role, responsibilities, etc.
Use Case: Sharing within a Division
Let's use an example to show how these features work together. Say we want all users at the Chicago headquarters to have read/write access to each other's Entity records. We can accomplish this using a combination of divisions, trigger settings, Sharing Scope, Public Groups and sharing rules.
Please note: The following is a broad overview and is not intended to be a complete set of step-by-step instructions. Please reach out to your Practifi contact with any questions.
Enable Sharing Scope Triggers
In Custom Settings, we'll edit the Practifi Trigger Settings and enable the following triggers:
- Copy Division Sharing Scope
- Copy Entity Sharing Scope
Create a Division
We'll create a division in the organization called Chicago.
Add Users to the Division
Next, we'll add all users from the Chicago office to the Division.
Set the Sharing Scope for the Division
On the Chicago Division record, we'll enter Chicago in the Sharing Scope field. We will reference this field in the sharing rule we set up later.
Please note: The Sharing Scope field might need to be added to the Division page layout.
Create a Public Group
In Salesforce Setup, we'll create a new Public Group called Chicago and add all the users who are members of the Chicago Division.
Create a Sharing Rule
With the triggers, Division, Sharing Scope and Public Group in place, we'll create a new Account Sharing Rule in Sharing Settings with the following criteria:
- Sharing Scope field equals Chicago
- Share with public group Chicago
- Default Account access equals Read/Write