When dealing with role-based record sharing in a Private sharing model, I often run into a scenario where managers should see their peers' records while their subordinates should not. It's simple enough to create a sharing rule that allows users within a particular role in the hierarchy to have access to each other's records.
However, this can't easily be replicated with a Partner Community. I have a scenario where I am using a Private sharing model and 3 roles for each partner account: Executive, Manager, and User. These roles are generated individually each time I enable an account as a partner. For example, when Account A is enabled as a partner, it creates three roles: Account A Executive, Account A Manager, and Account A User. When I do the same for Account B, it generates three completely separate roles, which makes sense in terms of restricting access between partners' records. But if I would like to, for each partner account, extend sharing between that account's Executive users, I am stuck.
It appears to me that the only non-programmatic way to achieve this is to create a separate sharing rule for every partner account. This would only work on a very small scale. Does anyone have any scalable solutions to this? I know that this can be achieved through Apex-based sharing, but I would like to find a simpler solution if possible.
Best Answer
I believe what you are looking for is Super User access:
Documentation Reference
When a user has this access, they can see data from their peers (same role) and those below them, but NOT roles above them.
In order to set this up for a Partner Community:
Go to Communities Settings
Then on the Partner User's contact record: