Programmatic sharing using Flow

An essential guide for Salesforce developers on how to share records using Flow.

Photo by Markus Winkler on Unsplash

Summary

• Introduction
• Use Case
• Solution
• Implementation
• A ready-to-use Package

Introduction

There are different ways to share records in Salesforce.

• Org-Wide Defaults (aka OWD) — records can be shared with the owner only (private), with everyone in read-only mode (Public Read Only), or with everyone in read and write mode (Public Read Write)
• Role Hierarchy, Territory Hierarchy — if Grant Access Using Hierarchies is ticked in OWD, records are shared with all users above owner’s role/territory hierarchy
• Sharing Rules — based on rule criteria, records are shared with users that are part of a specific role, territory, public group
• Manual Sharing — records can be manually shared with single users, users that are part of a role, territory or public group

However, some scenarios cannot be covered by any of the features above. For example, when the logic that defines the sharing criteria is complex and users of which records must be shared with are not part of the same hierarchy.

Use case: training new employees

UniMatrix provides machinery and equipment maintenance services. A trainer is assigned to new technicians during their first week. All training sessions are logged into a Salesforce object called Training Report but, for compliance reasons, only Trainer and Employee should automatically get access to the training records they are part of.

Implementation

Prerequisites: creating the object and setting the default access.

• Training Report custom object and fields
• Org-Wide Defaults for Training Report as Private
• Grant Access Using Hierarchies for Training Report as false

Apex Sharing Reason

Note: when the owner of a record changes, Salesforce removes all sharing records with Manualas RowCause. As we want to keep sharing records with the related employees even though the owner changes, a new sharing reason is needed.

(only available in Classic)
Setup → Objects → Training Report→ Apex Sharing Reasons → New

Reason Label: Employee
Reason Name: Employee

New Apex Sharing Reason

Description of the Flow

• The flow will run if the Training Report record is new, or if the employee changed
• If the record already exists, the flow will delete the existing Training Report Share, as it is related to the previous employee
• Finally, the flow will create a new Training Report Share, in order to share the record with the employee

Flow overview

Creating a new Flow

Setup → Flows → New Flow

Chose Record-Triggered Flow

Object: Training Report

When: A record is created or edited

Condition requirements: Formula evaluates to true

Formula:

OR(ISNEW(), {!$Record__Prior.Employee__c} != {!$Record.Employee__c})

Done

Verify if the record is new

Add Element → New Decision

Label: Is a new record

Outcome Details: as per the following image

Done

If the record already exists, delete the share record with the previous employee

Decision NO → Add Element → Delete Records

Label: Delete Share Record Old Employee

How To Find Records to Delete: Specify conditions

Object: Share: Training Report

Condition Requirements: as per the following image

Finally, share the record with the Employee

Outside Decision element → Add Element → Create Records

Label: Share Record with Employee

How to Set the Record Fields: Use separate resources, and literal values

Object: Share: Training Report

Set Field Values: as per the following image:

Done

Final Steps

Save As: give any name to your new Flow

Activate the flow

A ready-to-use Package

The full solution is already available through a free package. It contains all components: object, fields, permission set, flow.

Please follow the instructions below to install the package:

• Create a new Playground in your Trailhead orgs
• Install the package: https://login.salesforce.com/packaging/installPackage.apexp?p0=04t7R000001dYZu
  Note: you might need to replace login.salesforce.com with your Playground domain name
• Create two users (Trainer and Employee) and assign them Training Report Permission Set
• Login as the Trainer and create a new Training Report record with the other user as Employee

• Verify that the employee has read-only permission to see the record by logging in as the employee user or by extracting data from Training_Report__Share table:

If you want to see an advanced approach to share records in Salesforce, please visit Programmatic Sharing using Apex .