[SalesForce] For a specific Role (or Profile or User) restrict access to certain Leads & Contacts based on field value

I am working on a Marketo-Salesforce sync. Marketo accesses Salesforce via a Salesforce User named 'Marketo User'. This User can have its own Role, Profile, Permissions, etc. – its sole purpose is to be the connection-point between Salesforce and Marketo.

We only want to sync certain records to Marketo, so we are evaluating our options to do this. We want to avoid a custom record type for this.

We want to restrict access to certain Lead and Contact records based on a specific boolean field value, 'No Mkto Sync'. When 'No Mkto Sync' is False, this User profile (or role?) should have full read/write privileges on the Lead or Contact record. When this field is True, the Salesforce User should not be able to read/write that record.

Best Answer

I suggest setting the Lead/Contact OWD to Private, which means only the owner of the records or someone higher in the role hierarchy will be able to read them.

Setup > Security Controls > Sharing Settings

Then add a criteria-based sharing rule. Please check the following example, where Primary will be your No Mkto Sync.

Then, in step 4, select who you want to share this with.

Hope that will help
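
The criteria-based rule described in this answer, written as Metadata API XML for the Lead object (an added example, not part of the original answer). It assumes the checkbox has the API name `No_Mkto_Sync__c` and that the Marketo User sits in a role with the developer name `Marketo_Integration`; both names are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- sharingRules/Lead.sharingRules (added example; names below are assumptions) -->
<SharingRules xmlns="http://soap.sforce.com/2006/04/metadata">
    <sharingCriteriaRules>
        <!-- Hypothetical rule name -->
        <fullName>Share_Syncable_Leads_With_Marketo</fullName>
        <!-- Edit = read/write on every record that matches the criteria -->
        <accessLevel>Edit</accessLevel>
        <label>Share syncable Leads with Marketo</label>
        <!-- Sharing rules target roles or public groups, not individual users,
             so the Marketo User is placed alone in this hypothetical role -->
        <sharedTo>
            <role>Marketo_Integration</role>
        </sharedTo>
        <!-- Only records with 'No Mkto Sync' unchecked are shared; with a
             Private OWD, records where it is checked stay invisible -->
        <criteriaItems>
            <field>No_Mkto_Sync__c</field>
            <operation>equals</operation>
            <value>False</value>
        </criteriaItems>
    </sharingCriteriaRules>
</SharingRules>
```

An equivalent rule is needed for Contact. The rule only limits the Marketo User if its profile and permission sets do not grant View All or Modify All on Lead and Contact (or View All Data / Modify All Data), because those permissions bypass sharing.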
