We are turning on customer portal and we need new registered portal users to access custom object records already created (aka. the new portal user doesn't own this record). How do we grant access to this portal user without destroying access to internal users? Some options, but not sure which one to choose…
- change record owner to this new portal user
- OR add portal user role above an internal role in hierarchy (but then how do we make sure no other portal user can access this record?)
- apex managed sharing to share record to the correct contact lookup linked to portal user (but not sure if this works with portal users or when to trigger this)
Best Answer
The first thing to understand is that customer portal users don't have access to the sharing model and role hierarchy so your bottom two suggestions won't work.
Customer portal users are only allowed access to objects that they own or objects that are associated via lookup to the portal user's account or contact record. This is done via Sharing Sets. Custom objects that do not have a lookup to Account or Contact, cannot be shared to a customer portal user via sharing sets.
The other option is to transfer ownership to the portal users, as you indicated as one of your options. You can then follow the instructions for configuring the portal Share Group in portal configuration settings.
Information about Sharing Sets and configuring the customer portal to share objects owned by portal users with internal users is outlined in the Customer Portal Implementation Guide.
Can you confirm though, are you talking about Customer Portal licenses, which are now deprecated for new Salesforce customers in favor of the newer Customer Community license?