While implementing a Salesforce Community, identifying the record access requirements is an important step that we should all complete before procuring user licenses or setting up the communities. The reasons are:
- Sharing options in Communities depend on the type of Community User License (Customer or Partner).
- Even with the most open user license (Partner), there are a few “gotchas” when it comes to sharing in a Community.
- You need to adjust internal sharing settings to make sure you are not giving unwanted record access to your community users.
Salesforce has a great chart here which compares features between Customer and Partner user licenses. But I prefer the below picture while deciding the license types.
In short, Customer licenses are designed for high-volume applications without any complex sharing requirements. Customer licenses do not have any roles. That is why sharing rules, Apex sharing and manual sharing are not available for Customer licenses.
On the other hand, Partner licenses have access to more object types. For example, if you want community users to have access to Leads, Opportunities and Campaigns, or to upload content, then you need a Partner license. Partner licenses have roles, so sharing options are available.
In addition to the above two licenses, Salesforce has the Customer Plus license, which sits in the middle between the Customer and Partner licenses. So if your requirement is that you want your customers to have full access to Accounts, view access to Contents, the ability to create Tasks, view access to Reports and Dashboards, and role-based sharing, then you should go for the Customer Plus license.
So the difference between the Customer Plus license and the Partner license is that users with a Partner license can access the “premium” standard objects: Leads, Campaigns, Opportunities.
Sharing Options with Customer License:
We basically have two options here: Sharing Sets and Share Groups. So let’s explore both with some use cases so that it will become easier to understand.
Sharing Sets allow you to grant an external user access to records based on their relationship with the user’s contact or account (or a contact or account related indirectly to the user through some lookup relationship).
Use Case: The requirement is to share all cases created under the same account with all users in the same community.
Share Groups allow you to share records owned by community users with internal users. Basically, you can use Share Groups to share records owned by an External user (with a Customer Community or High-Volume Customer Portal License) with Internal users, partner users, or other High-Volume external users in the same account.
Use Case: The requirement is to share cases created by external community users with Call Center Reps (Internal users). (The account restriction applies to High-volume external users only.)
Important Point to Remember:
- Sharing Sets: External User -> External User
- Share Groups: External User -> Internal User
Sharing Options with Partner License/Customer Community Plus License:
With Partner license, you have five options – Role Hierarchy, Super User Access, Sharing Rules, Manual Sharing, Apex Sharing.
Each partner account can have 3 roles (Executive, Manager and User). Using record ownership and role hierarchy is the simplest way to share records among Partner users in the same account.
Use Case: The requirement is to allow some partner users to see only the records they create, while other partner users should be able to see records created by users below them in the role hierarchy.
Super User Access:
Partners with Super User access will be able to see records created by other users in their account at the same level or lower in the role hierarchy, for Cases, Leads, Opportunities and Custom objects only. For Customer Plus users, this can be given through permission sets.
Owner-based and criteria-based sharing rules can be used to share records within a Partner community. You can use Partner Roles and public groups in these rules.
Use Case: The requirement is to share all Opportunities related to a particular partner account with all users in that partner account, without opening up full super user access. Here you can create a criteria-based sharing rule where the AccountId is the partner account, and share with the partner account executive role and subordinates.
External users with Customer Community Plus and Partner licenses can use manual sharing, but only on VF Communities. It’s on the Salesforce roadmap to add support for Lightning communities. Another mechanism for manual sharing is the Opportunity team, i.e. a reseller shares the opportunity with his SI (co-seller use case).
Use Case: Partners work closely with internal users on a few opportunities.
Apex sharing should be used when the sharing requirements are too complex to be implemented with a criteria-based sharing rule. Basically, this is the last resort you have.
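
As an added illustration (not code from the original post), here is how Apex sharing could grant partner users read access to Opportunities while guarding against the unwanted record access mentioned at the top of this article. The class name, method name and the `expectedAccountId` check are assumptions made for this example.

```apex
// Added example. Class, method and parameter names are hypothetical.
public with sharing class PartnerOpportunitySharing {

    // Grants Read access on each Opportunity to the listed users, but only
    // to active partner users that belong to expectedAccountId.
    public static List<Database.SaveResult> shareWithPartnerUsers(
            Map<Id, Set<Id>> userIdsByOpportunityId, Id expectedAccountId) {

        Set<Id> candidateUserIds = new Set<Id>();
        for (Set<Id> ids : userIdsByOpportunityId.values()) {
            candidateUserIds.addAll(ids);
        }

        // Filter the candidates: active, partner license type, expected account.
        Set<Id> allowedUserIds = new Map<Id, User>([
            SELECT Id
            FROM User
            WHERE Id IN :candidateUserIds
              AND IsActive = true
              AND UserType = 'PowerPartner'
              AND AccountId = :expectedAccountId
        ]).keySet();

        List<OpportunityShare> shares = new List<OpportunityShare>();
        for (Id oppId : userIdsByOpportunityId.keySet()) {
            for (Id userId : userIdsByOpportunityId.get(oppId)) {
                if (!allowedUserIds.contains(userId)) {
                    continue; // never share outside the intended partner account
                }
                // RowCause is left unset; it defaults to Manual on standard objects.
                shares.add(new OpportunityShare(
                    OpportunityId = oppId,
                    UserOrGroupId = userId,
                    OpportunityAccessLevel = 'Read'
                ));
            }
        }

        // allOrNone = false: one rejected row does not roll back the others.
        return Database.insert(shares, false);
    }
}
```

Share rows created this way on a standard object are manual shares, so they are removed when the record owner changes and must be recreated if the access is still required.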