[SalesForce] How to allow edit access to for certain record types only

I need all user to be able to see all opportunities. However, Department A should only be able to edit opportunities assigned to 3 record types (x,y,z) and Department B should only be able to edit opportunities assigned to the other 4 record types (t,u,v,w).

I started testing with Department A in the sandbox and this is what I have done so far:

  1. Profile Permissions for Department A Role = Opportunities (Read,
    Create, Edit, Delete,View All)
  2. Org-Wide Defaults for Opportunities:
    Public Read Only
  3. Sharing Rule for Opportunities: when Opportunity
    record type = x,y,z share with Department A as "Read/Write"

As a result, when a user assigned to the Department A role goes to an opportunity with an "x" record type then they are able to see the edit button (YAY!). However, when they go to an opportunity with the "t" record they are also able to see the edit button and they shouldn't. They should have read only access to "t" opportunities. What am I missing here to make the Department A role "read only" for certain record types? Should I be opproaching this in a different way?

Best Answer

Edit is a CRUD permission on the Object, in this case Opportunity, defined on profile/permission set level. So as long as a User on say Profile A has Edit rights on Opportunity, they will always be able to view the Edit button all across, if the button is available on the page layouts.

Your options here are:

  1. Change the OWD to Private.

    As long as Users from Department A do not own the records for record type t,u,v,w, and that such records are shared to them as Read Only, they won't be able to edit any record, even though if Edit button is available on the page layout

  2. Without Changing the OWD.

    Create a different page layout for record types t,u,v,w, specifically for Users on Profile A. Remove the Edit button from the page layout. Mark all the fields on the page layout as Read Only to mimic a read only page. Assign it to the Users from Department A. This is based on the assumption here is that the Users from Department A are on different profile than Users from Department B.

Related Topic