Atelier Trailblazer community Salesforce Architect Group, Lyon 15/12/2022
Master Salesforce External sharing présenté par Abdelhakim
UNDERSTAND EXTERNAL USERS AND THEIR ACCESS MECHANISMS
INTERNAL VS EXTERNAL OWD
EXTERNAL LICENSES AND THEIR FEATURES/LIMITATIONS
EXPLORE DIFFERENT EXTERNAL SHARING TOOLS
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
LAG #3 - Master-External-sharing (Abdelhakim Speaker).pptx
1.
2. Agenda
01 Présentation speakers
02 UNDERSTAND EXTERNAL USERS AND THEIR
ACCESS MECHANISMS
03
EXTERNAL LICENSES AND THEIR
FEATURES/LIMITATIONS
04
INTERNAL VS EXTERNAL OWD
EXPLORE DIFFERENT EXTERNAL SHARING TOOLS
05
3. Speakers
@abdel_force
Abdelhakim Mouttaqui
Salesforce Architect
Salesforce Solution Architect
17 années d'expérience dans l'IT et Transformation Digitale
10 années dans l’écosystème Salesforce
(Architecture, conception et pilotage de mise en oeuvre)
10x certifié Salesforce
Co-Leader Salesforce Architect Group Utrecht - Pays-bas
North Africa Dreamin Organizer
Passionné de Football
8. Org-Wide Defaults
Org-Wide Defaults
Base level Of Access
01
Sharing Rules
Open up Access (lateral)
03
Manual Sharing
Open up Access (flexible)
04
Baseline Object Permissions (Profile, Permissions)
External
Org-wide
defaults
Role Hierarchy
Open up Access (vertical)
02
9. External Org-Wide Defaults Considerations
• Can’t be more permissive than the internal one.
• Give you full control over the baseline record access for site and portal users. This layer of
protection ensures that you can define separate record access policies for internal users and
external users.
• Affect all Experience Cloud and legacy portal licenses.
• Not all objects can have an external sharing model. Here are the ones that can.
• Accounts and their associated contracts and assets
• Assets
• Cases
• Contacts
• Individuals
• Opportunities
• Orders
• Custom Objects
• Users
11. GUEST
A Guest user referrers to a user visiting your public community/portal/site without logging in.
When you create a community or portal/site, Salesforce will automatically create a guest profile
and an associated user record.
Permissions
• Only Read Access to data
• Guest users can only
update or delete a record
in System mode
Sharing
• Guest sharing rules
• The maximum access
granted through this
sharing rule is Read
12. EXTERNAL USER LICENSES
All licenses mentioned earlier have access to:
Objects:
• Account
Contact
Relationships
• Accounts
• Assets
• Cases
• Contacts
• Contracts
• Custom
objects (10)
• Documents
Objects
• Entitlements
• Events and
Calendar
(Read for CC)
• External
Objects
(Salesforce
Connect)
• Ideas
• Orders
Objects
• Price Books
• Products
• Service
Appointment
• Task (Read for
CC)
• Work Order
• Work Order
Line Item
Sharing:
• Sharing Set
• Share Group
13. CUSTOMER COMMUNITY
B2C experiences with large numbers of external users who need access to case objects or
knowledge. The Customer Community can be used with person accounts.
Features
• Approval Process
• Customer Community license
holders can submit for approval
and can be assigned as the
approver, but they can’t be
assigned tasks or email alerts
via approval workflows.
• Applies to Customer
Community Plus and Partner
Community as well.
Permissions
• Edit Account & Case
• View Contacts, price books &
products
• Create & Edit Assets
• Access Salesforce CRM (If they
have SF CRM license)
Sharing
• Record ownership (except
Account and some other SOs)
• Ext. OWD
• Sharing Set
• Sharing Group
14. CUSTOMER COMMUNITY PLUS
B2C experiences with external users who need access to reports and dashboards and need
advanced sharing. The Customer Community Plus can be used with person accounts.
Sharing
• Record Ownership
• Ext OWD
• Roles, Public Groups
• Sharing Set/Group
• Role Hierarchy
• Sharing Rules
• External Account Hierarchy (EAH)
• Account Relationship with
ARDSR(Account Relationship Data
sharing Rule)
• Super User
• Delegated Ext. User Admin
• Account Role Optimization
• Manual Sharing
• Apex Managed Sharing
Reporting
• Reports
• Dashboards
Additional features
• Delegated Administration - Applies to
Partner Community as well.
15. PARTNER COMMUNITY
B2B experiences that need access to sales data such as partner relationship management. The
Partner Community can’t be used with person accounts.
Sharing (All CCP
Capabilities)
• Account, Case &
Opportunity Teams
• Territory Management
Objects
• Campaigns
• Leads
• Opportunity
Reporting
• Reports
• Dashboards
Additional features
• Delegated
Administration
• Territory Management
16. EXTERNAL APPS
Custom digital experiences to engage any external stakeholder, including Brand Engagement
and Customer Loyalty. Limited access to CRM objects. The External Apps license can be
used with person accounts.
17. DIFFERENCES
License Roles Sharing Tasks Reports Dashboards Sales Cloud Custom Objects Additional Storage User Limit
Customer community 10 - 10 M
Customer Community Plus 10 2 MB 2 M
Partner Community 10 5 MB 2 M
External Apps 100 10 MB 2 M
External Apps Plus 100 45 MB 2 M
19. Universal Insurance is a global company that offers various types of insurance
services to individuals via its website.
The customers get exclusive access to an online support portal after purchasing
one or more types of insurances to manage their profile, view their activity and past
insurance details and raise any support tickets.
Business Context
20. Universal Insurance collaborates with various regional insurance service providers,
who are authorized to sell the insurance in their region. The customers can buy all
the insurance services from only one insurance company during a calendar
year due to regulatory guidelines. They can switch the insurer during the beginning
of a calendar year. The insurance companies have 2 types of employees: Agents
and Managers. All the Agents should have access to all the service tickets raised by
their customers, however only the managers should be able to update the service
tickets' status and add comments.
Sharing Scenario 1
22. Sharing Solution 1
Insurer Agent
License Customer Community No External Role
Hierarchy needed
Only access to the
Cases
Lookup Field Account to Insurer
Account
insuranceProvider
__c
Profile Insurer Agent
Sharing set Case.account.insuranceP
rovider__c =
User.AccountId
Case Read Only
Ext OWD Case: Private
Account: Private
Insurer Manager
License Customer Community No External Role
Hierarchy needed
Only access to the
Cases
Lookup Field Account to Insurer
Account
insuranceProvider
__c
Profile Insurer Manager
Sharing set Case.account.insuranceP
rovider__c =
User.AccountId
Case Read/Write
Ext OWD Case: Private
Account: Private
23. Universal Insurance collaborates with various regional insurance service providers,
who are authorized to sell the insurance in their region and the customers can
choose and buy different types of insurance services from different
insurance companies. They can switch to one or more insurance companies at any
time. The insurance companies have 2 types of employees: Agents and Managers.
All the Agents should have access to all the service tickets raised by their
customers, however only the managers should also be able to update the service
tickets' status and add comments.
Sharing Scenario 2
25. Sharing Solution 2
Insurer Agent
License Customer Community No External Role
Hierarchy needed
Only access to the
Cases
Lookup
Field
Asset to Insurer Account insuranceProvider
__c
Profile Insurer Agent
Sharing
set
Case.asset.insurancePro
vider__c =User.AccountId
Case Read Only
Ext OWD Case: Private
Account: Private
Insurer Manager
License Customer Community No External Role
Hierarchy needed
Only access to the
Cases
Lookup
Field
Asset to Insurer Account insuranceProvider
__c
Profile Insurer Manager
Sharing
set
Case.asset.insurancePro
vider__c =User.AccountId
Case Read/Write
Ext OWD Case: Private
Account: Private
26. When the customers submit the support tickets via an online portal, they are allocated to a group
of internal Universal Insurance Service representatives based upon insurance type, region and
other key parameters.
One of the service representatives then takes the ownership of the ticket and then the ticket
should not be visible to other service representatives in the group.
However, customers should still be able to see their tickets to keep track of the resolution status.
Also, all the support tickets logged by customers should be accessible to all the Internal Customer
Engagement Managers Only (Not Service Reps manager) and they should be able to re-assign
the tickets or change the priority if needed.
Sharing Scenario 3
28. Solution Scenario 3
Service Agent
License Service cloud license/
Sales cloud license
Need access to
case
Internal
OWD
Case Private , Account
public read only
(assumption)
Internal Customer Engagement Managers
License Service cloud license/
Sales cloud license
Need access to
case
Internal
OWD
Case Private , Account
public read only
(assumption)
Role Internal Customer
Engagement Managers
Sharing
Group
Share customer Cases
with the role
Linked to
Case Sharing Set
Customer
License Customer Community Need access to
case
External
OWD
Case Private , Account
Private
Case
Sharing
Set
Case.account =
User.AccountId
Case Read Only
29. Universal Insurance provides all the basic information related to insurance services
and regulations to potential customers on its website.
When the prospective customers are interested in exploring the insurance products
and their provider companies in their region, they click on the “Insure Me” button
and navigate to a search page, they can select the country and type of the
insurance from dropdowns and then they should be able to view all the active
insurance providers in the selected country and the insurance products offered by
Universal Insurance
Sharing Scenario 4
31. Solution Scenario 4
Guest
License N/A
Guest Sharing
Rules
• Where Account is Insurer Account
• Where Product is Active
• Account Read Only
• Product Public
32. Universal Insurance requires individual customers to fill current health details in a
health check form post onboarding. This health check form consists of different
types of questions related to health parameters, safety preferences and driving
routines. These are highly confidential records and only the customer can create or
update them. However, these confidential records should also be accessible to a
centralized Policy Planning team who wants to review and identify hidden patterns
for defining policy products with features and own risk components for different
customer segments.
Sharing Scenario 5
34. Solution Scenario 5
High Volume Customer Portal
License Customer Community
Role Hierarchy Create Separate Centralized Role “Policy
Planning’’
No other Users should have
access to the health detail
records
Sharing rule • Criteria based
• Check Include records owned by users
who can't have an assigned role flag
(Spring 22)
health detail Public read
35. Universal Insurance has recently started offering relevant Insurance services to
Corporates who are primarily engaged and managed by Universal insurance
partner insurance companies. The insurance companies submit a new corporate
customer registration request by clicking a link on the website that opens a 3-step
application form for registration. One of the Insurance company’s employees fills
out the information and submits it to generate a prospect record in Salesforce. All
the partner insurance companies have 2 types of employees – Insurance Agents,
Insurance manager. There is one Insurance executive employee who needs
to review all the new customer leads generated by the company employees and
should be able to update the prospect information if required
Sharing Scenario 6
37. Solution Scenario 6
Insurance Agents / Insurance manager / Insurance executive
License Partner Community
External Role
Hierarchy
User
Manager
Executive
Ext. OWD • Lead Private
38. Universal Insurance has recently started offering relevant Insurance services to
Corporates who are primarily engaged and managed by Universal insurance
partner insurance companies. The insurance companies submit a new corporate
customer registration request by clicking a link on the website that opens a 3-step
application form for registration. One of the Insurance company’s employees fills
out the information and submits it to generate a prospect record in Salesforce. All
the partner insurance companies have 2 types of employees – Insurance Agents,
Insurance manager. There are a few Insurance executive employees who needs
to review all the new customer leads generated by the company their direct report
who are Insurance Agent and Managers.
Also, There is one Master Insurance Executive employee who needs to review and
update all the leads generated by other fellow insurance executive and all the agent
and Manager employees
Sharing Scenario 7
40. Solution Scenario 7
Insurance Agents / Insurance manager / Insurance executive
License Partner Community
External Role
Hierarchy
User
Manager
Executive
Ext. OWD • Lead Private
Partner Super
User
Master Executive Needs to view and update all
leads including the ones owed by
executive users
41. Universal Insurance's customers can view the name and some key attributes of the
active insurance service providers while searching for insurance policies. However,
they can only see the fully branded profile page of the insurer once they purchased
the policies from that insurer. Also, the insurer provides various promotion offers to
retain their existing customers. The offer records are created by Insurer employees
- agents and visible on the insurer branded profile page to the existing customers
but not visible to any other internal employees that can access the Insurer profile
page.
Sharing Scenario 8
43. Sharing Solution 8
Insurer Agent
License Customer Community No External Role Hierarchy needed
Only access to the Account and Custom
Object
Create ACR link individual users (Person Accounts) as contacts to
Insurer Accounts (Business Accounts)
Lookup field Offer__c to Insurer Account
Profile Insurer Agent
Sharing set 1. User.Contact.RelatedAccount = Account.Id
2. User.Contact.RelatedAccount = Offer__c.
insuranceProvider__c
Account and Offer__c Read Only
Ext OWD Offer__c: Private, Account: Private
44. Send Us Your Feedback!
Please rate your overall satisfaction
with your recent session:
Very satisfied
Satisfied
Somewhat satisfied
Not very satisfied
Not at all satisfied
Don’t know/Not applicable
À la suite de ce meeting, vous allez
recevoir un email vous demandant
d’évaluer cette session.
Vos retours sont extrêmement
importants, n’hésitez pas à nous laisser
vos commentaires pour améliorer les
prochaines sessions.