Configuring Sharing Filters

Sharing filters are a security measure that allow you to restrict which Entity records users with specified security roles can view. The security role specified in Sharing Filters will not have read or edit access to the entity unless the filter criteria are met. Optional filters and advanced filter logic additionally restrict specific field values.

Before You Begin

Requirements

To enable sharing filters for Entities, users must be assigned a security role with the following permissions:

• Administrator System Role

Understanding Sharing Filters

Sharing Filters provide record-level security by restricting which records users can access based on field values. They work as an additional security layer on top of entity permissions.

How Sharing Filters Work

1. Entity permissions determine baseline access (All, Private, Team, etc.)
2. Sharing filters further restrict access based on field criteria
3. Users can only see records that meet the sharing filter criteria
4. If no filter criteria match, users cannot see those records

Sharing Filters vs Entity Permissions

Entity Permissions: Control broad access patterns (own records, team records, all records)

Sharing Filters: Provide fine-grained control based on specific field values

Together: Entity permissions grant access, sharing filters restrict it further

Common Use Cases

• Regional access control (sales reps see only accounts in their territory)
• Account type restrictions (partners see only partner-type accounts)
• Status-based visibility (users see only active records)
• Department-based access (support agents see only cases assigned to their department)
• Product line segregation (sales teams see only opportunities for their product lines)

Creating Sharing Filters

To enable sharing filters:

1. In the Setup Home page:

   • If you are enabling sharing filters for Magentrix Entities, click Create > Entities.
   • If you are enabling sharing filters for Salesforce Objects, click Extend > Salesforce.

2. Search for and click the Entity for which you want to enable sharing filters.

3. Click the Sharing Filters tab.

4. Click New.

5. In the Role field, select the security role for which you want to enable sharing filters.

6. In the Specify Optional Filters section, configure filters according to Filter Logic:

   Field: Select the field to filter by

   Operator: Select the comparison operator (see Available Filter Operators below)

   Value: Enter the value to compare against

7. If you want to add more than one filter, click Add Filter and then configure the filter.

8. In the Filter Logic field, enter filter logic for the sharing filter (e.g., "1 AND 2", "(1 OR 2) AND 3"). See Advanced Filter Logic below.

9. Click Save.

The sharing filter is now active for the specified security role. Users in that role will only see records matching the filter criteria.

Available Filter Operators

Sharing filters support a comprehensive set of comparison operators:

equals - Field value exactly matches the specified value

not equals to - Field value does not match the specified value

greater than - Field value is greater than the specified value (numeric or date fields)

less than - Field value is less than the specified value (numeric or date fields)

less or equal - Field value is less than or equal to the specified value

greater or equal - Field value is greater than or equal to the specified value

contains - Field value contains the specified text (case-insensitive)

does not contain - Field value does not contain the specified text

starts with - Field value begins with the specified text

does not start with - Field value does not begin with the specified text

includes - For multi-select picklists, includes the specified value

excludes - For multi-select picklists, does not include the specified value

Using Advanced Filter Logic

Filter logic allows you to combine multiple filter conditions using AND, OR, and parentheses to create complex criteria.

Filter Logic Syntax

Basic AND: 1 AND 2 - Both conditions must be true

Basic OR: 1 OR 2 - Either condition must be true

Complex Logic: (1 OR 2) AND 3 - Conditions 1 or 2 must be true, AND condition 3 must be true

Multiple Conditions: 1 AND 2 AND 3 AND 4 - All conditions must be true

Nested Logic: (1 AND 2) OR (3 AND 4) - Either the first pair or second pair must be true

Filter Numbering

• Filters are numbered in the order they are created (1, 2, 3, etc.)
• Reference these numbers in the Filter Logic field
• If you delete a filter, the numbers adjust automatically

Example Filter Logic

Scenario 1: Territory-based access

• Filter 1: Territory equals "West"
• Filter 2: Territory equals "Central"
• Filter Logic: 1 OR 2
• Result: Users see records from West OR Central territories

Scenario 2: Active partner accounts only

• Filter 1: Account Type equals "Partner"
• Filter 2: Status equals "Active"
• Filter Logic: 1 AND 2
• Result: Users see only active partner accounts

Scenario 3: Multiple conditions with grouping

• Filter 1: Region equals "North"
• Filter 2: Region equals "South"
• Filter 3: Status equals "Active"
• Filter Logic: (1 OR 2) AND 3
• Result: Users see active records from North or South regions

Practical Examples

Example 1: Regional Sales Access

Scenario: Sales representatives should only see opportunities in their assigned territory.

Configuration:

• Entity: Opportunity
• Role: Sales Representative
• Filter 1: Territory equals "West Coast"
• Filter Logic: 1

Result: Sales reps only see West Coast opportunities.

Example 2: Partner Portal Account Access

Scenario: Partner users should only see accounts marked as Partner type with Active status.

Configuration:

• Entity: Account
• Role: Partner User
• Filter 1: Account Type equals "Partner"
• Filter 2: Status equals "Active"
• Filter Logic: 1 AND 2

Result: Partners see only active partner accounts.

Example 3: Multi-Region Manager Access

Scenario: A regional manager oversees three territories and should see opportunities from any of them.

Configuration:

• Entity: Opportunity
• Role: Regional Manager
• Filter 1: Territory equals "North"
• Filter 2: Territory equals "Central"
• Filter 3: Territory equals "South"
• Filter Logic: 1 OR 2 OR 3

Result: Manager sees opportunities from all three territories.

Example 4: Product Line Segmentation

Scenario: Product specialists should only see opportunities for their product line with amounts over $10,000.

Configuration:

• Entity: Opportunity
• Role: Product Specialist
• Filter 1: Product Line equals "Enterprise Software"
• Filter 2: Amount greater than 10000
• Filter Logic: 1 AND 2

Result: Specialists see only enterprise software opportunities over $10,000.

Example 5: Department-Based Case Access

Scenario: Support agents should see cases assigned to either Technical or Billing departments, but only if they're not closed.

Configuration:

• Entity: Case
• Role: Support Agent
• Filter 1: Department equals "Technical"
• Filter 2: Department equals "Billing"
• Filter 3: Status not equals to "Closed"
• Filter Logic: (1 OR 2) AND 3

Result: Agents see open cases from Technical or Billing departments.

Combining Sharing Filters with Entity Permissions

Sharing filters work together with entity permissions to control access:

Scenario: Sales Team Access

Entity Permissions:

• Sales Rep: Read = Private (see own records)
• Sales Manager: Read = User and All Subordinates (see team records)

Sharing Filter for Sales Rep:

• Filter: Territory equals "West"

Result:

• Sales reps see only their own West territory opportunities
• Sales managers see all opportunities from their team members in the West territory
• The sharing filter restricts what the entity permission allows

Scenario: Partner Access

Entity Permissions:

• Partner User: Read = All

Sharing Filter for Partner User:

• Filter 1: Account Type equals "Partner"
• Filter 2: Partner Name equals "Acme Corp"
• Filter Logic: 1 AND 2

Result:

• Entity permission grants access to all accounts
• Sharing filter restricts to only Acme Corp partner accounts
• Partners see a subset of all accounts based on the filter

Best Practices and Recommendations

• Plan filter strategy carefully: Determine which roles need record-level restrictions before implementing filters.
• Test thoroughly: Verify that users see exactly the records they should and nothing more.
• Document filter logic: Maintain clear documentation of what each filter does and why it exists.
• Use meaningful field values: Ensure field values used in filters are consistent and well-maintained.
• Combine with entity permissions: Use entity permissions for broad access, sharing filters for fine-grained control.
• Keep filter logic simple: Complex filter logic with many nested conditions can be hard to maintain.
• Verify field data quality: Filters rely on accurate field data. Ensure fields used in filters are properly populated.
• Consider performance: Very complex filters on entities with millions of records may impact performance.
• Use OR sparingly: Too many OR conditions can create overly permissive access.
• Test with actual users: Log in as users with different roles to verify filter behavior.
• Coordinate with workflows: Ensure automated processes don't create records users cannot see.
• Plan for exceptions: Consider if certain users need broader access than filters allow.

Troubleshooting Tips

Issue: Users cannot see records they should have access to.

Solution: Review the sharing filter criteria. Verify that the field values on records match the filter conditions. Check that entity permissions also grant appropriate access.

Issue: Users see records they shouldn't have access to.

Solution: Review the filter logic, especially OR conditions. Ensure the filter logic is correct and that all necessary conditions are included.

Issue: Filter logic not working as expected.

Solution: Verify the filter logic syntax. Use parentheses to group conditions properly. Test each condition individually before combining them.

Issue: No records appear after applying sharing filter.

Solution: Check if any records actually meet the filter criteria. Verify that field values are populated correctly. Test with simplified filter logic to isolate the issue.

Issue: Filter working for some records but not others.

Solution: Check for blank field values. Filters may not match records with null values. Consider using "not equals to" or additional null-checking conditions.

Issue: Performance issues after adding sharing filters.

Solution: Simplify filter logic if possible. Ensure fields used in filters are indexed. Consider if the entity has too many records for complex filtering.

Issue: Filter behavior inconsistent across users.

Solution: Verify that the correct filter is assigned to each role. Check if entity permissions differ between roles, affecting how filters apply.

Issue: Cannot create sharing filter for a role.

Solution: Ensure the role exists and that you have administrator permissions. Also verify that the entity supports sharing filters.

Issue: Sharing filter not applying to API access.

Solution: Sharing filters should apply to API operations. Verify that the API is using proper authentication and that the user's role is correctly identified.

Issue: Records disappear after field value changes.

Solution: This is expected behavior. When a field value changes and no longer meets the filter criteria, users lose access to that record. Ensure users understand this behavior.

Interaction with Other Security Features

Entity Permissions

Entity permissions must grant access before sharing filters can restrict it:

• If entity permission is "None", sharing filters have no effect
• Sharing filters can only restrict, never expand, entity permissions
• Use entity permissions for broad access, sharing filters for restrictions

Field-Level Security

Field-level security works independently:

• Users must have read permission on fields used in filters
• If users cannot read a field, filter behavior may be unpredictable
• Ensure filter fields are readable by affected roles

Record Ownership

For entity permissions based on ownership:

• Sharing filters apply after ownership rules
• A user might own a record but not see it if filters exclude it
• Coordinate ownership-based permissions with filter criteria

Validation Rules

Validation rules and sharing filters serve different purposes:

• Validation rules control what data can be saved
• Sharing filters control what data can be seen
• They operate independently

See Also

• Configuring Entity Permissions
• Configuring Field Security For Entities
• About Manager Hierarchy
• Filters and Filter Logic
• About Entity Management

Jump to Magentrix Entity Checklist

<< Setting Up Validation Rules | Designing Page Layouts >>