Restriction Rules in Salesforce

Traditionally, to control the visibility of records in Salesforce, we used to start with the most restrictive setting (i.e. setting OWD to Private for an object) and then opening up the access using various features like role hierarchy, sharing rules, teams etc. 

Consider the following diagram. Before Restriction rules, we started with the most restrictive setting and then opened up access using various features.

Before Restriction Rules in Salesforce

(Image Source: Restriction Rule Developer Guide)

But, now with Winter ’22 Release of Salesforce, we can also define a rule to restrict the visibility of records. For example, even if we have defined the OWD to Public Read or Public Read/Write on an object, we can now add restriction rules to hide certain records from certain users. 

After Restriction Rules in Salesforce

(Image Source: Restriction Rule Developer Guide)

So, What Are Restriction Rules?

Restriction Rules allow admin to restrict the visibility of selected records from selected group of users. It went GA (Generally Available) in Salesforce Winter ‘22 Release.

Which Objects are Supported for Restriction Rules?

As of now only the following objects are supported for Restriction Rules:

  1. Custom Objects
  2. Contracts
  3. Events
  4. Tasks
  5. Time Sheets
  6. Timesheet Entries

Where are Restriction Rules Applied?

Once defined, Restriction Rules are applied to the following Salesforce features:

  1. List Views
  2. Lookups
  3. Related Lists
  4. Reports
  5. Search
  6. SOQL
  7. SOSL

What are the Current Limitations & Considerations for Restriction Rules?

  1. Only two Restriction Rules can be created on the supported objects in Enterprise Edition & five in Unlimited & Performance Edition
  2. Only below data types are supported in the recordFilter and userCriteria fields:
    1. Boolean
    2. Date
    3. DateTime
    4. Double
    5. Int
    6. Reference
    7. String
    8. Time
  3. Restriction rules support only the EQUALS operator. The AND, OR, or any other operators aren’t supported.
  4. The use of formulas isn’t supported.
  5. You can use a change set to move restriction rules from one org to another.
  6. If you include IDs in your recordFilter or userCriteria fields that are specific to your Salesforce org (such as a role, record type, or profile ID), you must modify these IDs in the target org if different from the org where the restriction rules were originally created.

Ok, that’s enough talk. Now, let’s take a look at Restriction Rules in action in just under 10 minutes.

To download a PDF copy of the presentation above

check to receive weekly updates on more of such awesome guides

(You'll never be spammed on my watch. And that's a promise)

References & Useful URLs: