Without restriction rules, users who have access to an account can view its contracts, tasks, and events, even if the organization-wide default is set to Private. For custom objects, users can view all their child records. With throttling rules, you can define which users see which records in Lightning Experience for custom objects, timesheets, timesheet entries, contracts, tasks, and events, and set up truly “private” access for those objects. Creating, editing, and deleting constraint rules is available in object manager (new in Winter `22) and through the tools and metadata APIs. Restriction rules are usually available in the Winter `22 version! We`ve also updated the Developer Guide and published a Learn MOAR blog post on the topic. Throttling rules allow certain users to access only certain records. Throttling rules prevent users from accessing records that may contain sensitive data. They can also be used to help users see what they need for their daily work. When a throttling rule is applied to a user, the data they had read access to through your sharing settings continues to be limited only to records that match the recordFilter. This behavior is similar to filtering results in a list view or report, except that it is persistent. The number of records visible to the user can vary greatly depending on the value you set in the recordFilter. Over the summer of `21, we introduced you to a whole new way to manage your organization`s access control with restriction rules, an easy-to-manage feature that lets you choose which users to see which subset of records.
In winter `22, you can create constraint rules in the Object Manager and select one of the supported objects. You can also create restriction rules by using the RestrictionRule tool object or the RestrictionRule metadata type. Here is a constraint rule created with the Tooling API that allows users with the specified profile to view only the task records they own. The solution? Restriction rules! We create the following restriction rule so that users only see internal contracts in Sally`s role. We define the user criteria or users to whom the rule applies to Sally`s role ID. We set the recordFilter, or records displayed to these users, on contracts with the “Internal” record type. Lightning Experience has throttling rules for all of these features: Users have access to records based on their enterprise-wide defaults and other sharing mechanisms, such as sharing rules or enterprise territory management. If you are interested, you can try it from Winter `22 with a development, business, unlimited or performance organization! For more information, see the Limitation Rules Developer Guide. And if you have any questions or comments, contact Salesforce Support or check out the Trailblazer Restricted Rules community resources. If you have users who only want access to a specific subset of records, throttling rules provide another layer of security that you can override your existing organization-wide default settings, sharing rules, and other settings. Throttling rules also allow you to configure your access so that custom objects, timesheets, timesheet entries, contracts, tasks, and events are completely “private,” even for users with access to linked accounts, which was not possible before.
And here is our result. Now, Sally only sees the internal contracts necessary for her role in this report. Dana Holloway is a Senior Technical Writer for the Record Access Experience team. For example, let`s say your Sally employee can currently view four contracts with different types of records in a single report. But for Sally`s role, she only needs to see the internal contracts. Sally`s access to other types of contract records is a security issue. Plus, it slows down Sally`s productivity to see contracts that have nothing to do with her work. Larry Tung is a product manager for the Record Access Experience team, where he`s working on the next generation of sharing features. .