[Salesforce] Allow record editing when custom field is checked

I'm fairly new to Salesforce. I'm trying to set up some of our rules and functionality in Salesforce, and I was wondering if there is a way (or which is the better one) to let a user edit a Contact's info only when the value of a custom field on the Contact is "checked". Otherwise the user should only be able to see the Contact info.

Update 1: Thanks for all the answers. This is the scenario, maybe it'll be clear: the Marketing profile is going to be making phone calls to our Contacts. These Contacts have a custom field (checked / not checked). What we need is that if the field is checked, the Marketing profile can only see the contact info, but if it is not checked, he can see and edit it. I already have a layout assigned to that profile with the contact info he should be allowed to see and edit. But I don't know how to restrict the edit in some of the cases (when the custom field is checked).
I'm just trying to learn and find out the best approach to that situation.

Update 2: Would it work (or would it be a good practice) to create two criteria-based sharing rules for Contacts, the first one with read/write access and the other one with just read access?

Best Answer

You could do something like that, but a lot of it will depend on how you have your whole sharing/security model set up (e.g., what org-wide defaults, profiles, sharing rules, and also role-hierarchy) and the relationship among the users that can and cannot check the checkbox.

Check out the Objects, Fields, Page Layouts, and Security section on the Developer Force Documentation site. After you read the documentation you may see that using different features of the sharing model will better satisfy whatever you're trying to do.

I'm making a lot of assumptions about your org here, so this answer could be way off, but at the least it can get you thinking about the different concepts along with reading the documentation.

I'm illustrating this with just two simple profiles; you might have more profiles, existing profiles, permission sets, etc. This answer just sets what fields will show up as available on the page layout, so if the user has some other way to edit the fields this wouldn't address that.

Answer 1

Two profiles for the two different types of users:

  1. Allower - Can check the 'Allow' checkbox - Visible/edit for the Allow checkbox Field-Level Security (FLS) on the Contact.
  2. User - Cannot check the 'Allow' checkbox. - Read-only for the FLS on the Allow checkbox.

Create two page layouts:

  1. All Fields
  2. Limited Fields - All fields that you don't want edited are marked as read only. Various buttons would not be available, etc.

Create two record types:

  1. Allowed
  2. Not Allowed

Create two workflow rules to update the record type field on the Contact:

  1. Set the record type of the Contact to Allowed when the checkbox is saved as true.
  2. Set the record type of the Contact to Not Allowed when the checkbox is saved as false.

Set up the Page Layout Assignments as follows:

Profile Allower: Allowed Record and Not Allowed Record both get assigned the All Fields layout. This enables the Allower to always see all fields, including the checkbox.

Profile User: Allowed Record gets All Fields Layout (FLS still prevents changing the checkbox, though), but Not Allowed Record gets Limited Fields layout.

Answer 2

You can use a criteria-based sharing rule on the Contact. If this works for you, it is simpler and more thorough than my Answer 1, so I'd go with it.

For example:

  1. Set public Read-Only org-wide default for the Contact. (If it is private then you might have to create an additional rule based on whatever you are doing to give read access.)
  2. Share it with a criteria-based rule to make it Public Read/Write to a Group that includes the users/roles/etc. that you want to open it up to.
  3. You still need the Field-Level Security (FLS) to prevent them from checking the box, though. Also, keep in mind that if a Contact is not connected to an Account it is private and will not be seen by others. Also, the users will still see the edit button, but when they click it they'll get redirected to a page that has an "Insufficient Privileges" message.
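
The three settings from Answer 2, written as Salesforce Metadata API fragments. This is an added illustration, not part of the original answer. The field API name `Allow__c`, the group `Contact_Editors` and the rule name are assumed placeholders, and each fragment belongs in its own metadata file.

```xml
<!-- Fragment 1: CustomObject metadata for Contact.
     Org-wide default of Public Read Only (step 1). -->
<CustomObject xmlns="http://soap.sforce.com/2006/04/metadata">
    <sharingModel>Read</sharingModel>
</CustomObject>

<!-- Fragment 2: SharingRules metadata for Contact.
     Criteria-based rule that raises access to Read/Write only for
     records where the checkbox is true (step 2).
     Allow__c and Contact_Editors are assumed names. -->
<SharingRules xmlns="http://soap.sforce.com/2006/04/metadata">
    <sharingCriteriaRules>
        <fullName>Edit_When_Allowed</fullName>
        <accessLevel>Edit</accessLevel>
        <label>Edit When Allowed</label>
        <sharedTo>
            <group>Contact_Editors</group>
        </sharedTo>
        <criteriaItems>
            <field>Allow__c</field>
            <operation>equals</operation>
            <value>True</value>
        </criteriaItems>
    </sharingCriteriaRules>
</SharingRules>

<!-- Fragment 3: Profile metadata for the restricted profile.
     FLS keeps the checkbox visible but read-only, so these users
     cannot grant themselves edit access by ticking it (step 3). -->
<Profile xmlns="http://soap.sforce.com/2006/04/metadata">
    <fieldPermissions>
        <editable>false</editable>
        <field>Contact.Allow__c</field>
        <readable>true</readable>
    </fieldPermissions>
</Profile>
```

Unlike the page-layout approach in Answer 1, the sharing rule is enforced at the record-access level, so it also applies to edits made outside the standard page layout.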