Users inherit permissions from groups
When working with Record Level Security it is important to keep in mind that users inherit permissions from the groups to which they belong. A simple illustration may suffice (see below for more details).
As the name suggests, all users are members of group Everyone. Let us give Everyone permission to Edit this record:
Now when we check the permissions of the Admin group we see that not only is the Display
permission grEdit
:
Note:
If your objective is to remove permissions for a user / group and you find that a permission you wish to remove is gr
For this demonstration of how users inherit permissions from the groups to which they belong, the default group Everyone is given the Display permission for a record:
When user gerard is added to the Security box he inherits the Display
permission (which is therefore gr
Note: Technically, the minimum permission a user / group has is the Display permission (a user / group added to the Security box will always already have the Display permission by virtue of being added to the Security box).
User gerard can be given both Edit and Delete permissions (as they are not inherited from group Everyone in this example). In this case we only want to give user gerard the Edit permission, but not Delete:
User gerard is also a member of group Edit
and Delete
permissions:
User gerard inherits permissions from all groups to which he belongs when those groups are added to the Security box, and now we see that he has the Delete permission which we did not want him to have:
If we only wanted user gerard to have Edit
permissions but wanted other members of group Edit
and Delete
, one solution would be to remove user gerard from group
Note: If you wish to restrict access to a record, be sure to remove group Everyone from the Security box.
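The inheritance rule walked through above can be modelled in a few lines to audit where an unwanted permission comes from. This is an added example, not code from the product or from this documentation. It assumes a user's permissions on a record are the union of what every matching Security box entry grants; "GroupX" is a placeholder for the group this page does not name, and "alice" and "bob" are constructed users.

```python
# Added example: a model of the inheritance rule described on this page.
# "GroupX" is a placeholder (the page does not name gerard's second group);
# "alice" and "bob" are constructed users.
DISPLAY, EDIT, DELETE = "Display", "Edit", "Delete"


def effective_permissions(user, memberships, security_box):
    """Return {permission: [Security box entries granting it]} for one record.

    memberships:  {group name: set of member user names}
    security_box: {user or group name: set of permissions ticked for it}
    """
    sources = {}
    for principal, granted in security_box.items():
        applies = principal == user or user in memberships.get(principal, set())
        if not applies:
            continue
        # Every entry in the Security box carries at least Display.
        for perm in granted | {DISPLAY}:
            sources.setdefault(perm, set()).add(principal)
    return {perm: sorted(src) for perm, src in sources.items()}


def unwanted(user, wanted, memberships, security_box):
    """Permissions held beyond `wanted`, with the entries that grant them."""
    held = effective_permissions(user, memberships, security_box)
    return {perm: src for perm, src in held.items() if perm not in wanted}


memberships = {
    "Everyone": {"gerard", "alice", "bob"},
    "GroupX": {"gerard", "alice"},
}
security_box = {
    "Everyone": {DISPLAY},
    "gerard": {EDIT},          # we want gerard to have Edit only
    "GroupX": {EDIT, DELETE},
}

if __name__ == "__main__":
    # gerard picks up Delete through GroupX even though it was not ticked for him.
    print(unwanted("gerard", {DISPLAY, EDIT}, memberships, security_box))
    # Removing gerard from GroupX leaves the other members' Delete intact.
    memberships["GroupX"].discard("gerard")
    print(unwanted("gerard", {DISPLAY, EDIT}, memberships, security_box))
    print(effective_permissions("alice", memberships, security_box))
```

Dropping the "Everyone" entry from `security_box` leaves a user who is listed nowhere else with no permissions at all, which is the effect the final note describes.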