Mountains and a butterfly next to text that says, "How We're Addressing Challenges from the Record Access (Sharing) Roadmap."

An Inside Look at How We’re Addressing Challenges from the Record Access (Sharing) Roadmap


After diving into the record access (sharing) roadmap session during Dreamforce ‘22, and sharing more details in TrailblazerDX ’23, I want to provide highlights for those of you who weren’t able to able to attend in person.

As a product manager, I’m grateful for your feedback. Over the last several months, we’ve met with and heard from our #AwesomeAdmins during events, in meetings, on Twitter, on the Trailblazer Community, and on the IdeaExchange.

Except for the Generally Available (GA) features mentioned, everything in this blog post is forward-looking. I hope to see you in a community event or at Dreamforce ’23 with more to share! Come on a journey with us, giving us your feedback, and voting for the ideas you think we should work on. Let’s dive into a subset of the challenges in our roadmap session.

Challenge: Periodic account realignments—make them faster!

Your company has new employees, others are getting promoted or moving to new roles, and you’re doing a periodic account realignment. If your organization-wide default (OWD) is Private for Account, Contact, Opportunity, or Case, or you plan to make the OWD Private for one of these objects, review Faster Account Sharing Recalculation (15 minute video with more details or shorter knowledge article). We’re making multiple operations faster! In Spring ’23, you will need to submit a feature activation case with the sandbox orgID. In Summer ’23, there will be a release update, which will give you the option to enable it without contacting support. We plan on enabling this feature for all customers in an upcoming release, in a gradual manner, with sandboxes coming first, then production instances; get the benefits before we enable it for all customers.

Challenge: Hide sensitive field values

This is the only portion not focused on record access and sharing. You love dynamic forms, but need a security feature that protects field values accessed through list views, reports, and the API. Vote and comment on what will benefit you: criteria-based field-level security and restricting field visibility based on record owner rather than profiles. We started this journey with the ability to protect sensitive information on Employee, through employee field visibility rules, and then protected external users’ personally identifiable information (PII) with enhanced personal information management. There are more investments we need to make, from additional performance enhancements, to a way for admins to write rules to conditionally show (or hide) field values, to extending this to custom objects and finally to standard objects.

Challenge: Add more flexibility to rules

Restriction rules are great, but when will you add support for the other standard objects? Standard objects have special functionality, specific to their object, and require additional investment. Your feedback and voting is a key part of our product prioritization. Adding support for these standard objects is not currently being worked on at this time. If you’d like to see these objects supported, make sure to vote and make your voice heard! Here are links to some of the most requested standard objects: Account, Case, Contact, EmailMessage, Opportunity, Product2, Asset, and Lead. I’m hopeful we’ll add an IN operator, which would give you more flexibility.

For criteria-based sharing rules, we have no plans to support formula fields, as we don’t want your users to experience slower page loads. We may look into how we can provide you more flexibility, comparing field values on both the record and the user (for example, the ability to compare a field value on the record to the running user, such as [object].field = CurrentlyRunningUser.field). That said, we’ll make investments in restriction rules before we get to criteria-based sharing rules.

Challenge: Make the administrative experience better

At TrailblazerDX ‘23, we demoed seeing both object and record access within the Object Manager. We also showcased some demos on public groups. We’re starting the journey, evaluating the configuration experience for public groups, queues, and the sharing settings page. We also know we need to get better at providing you error messages that you can quickly action, such as Full description of “invalid cross reference id” error required.

Ideas, Trailblazer Community Group, and a Trailmix

Have feedback for us? Vote and comment on the ideas in this Quip, which covers most of the ideas discussed in our in-person roadmap session. You can also share feedback to our Record Access Trailblazer group. If you’re new to record access or want my recommendations on resources, see the Record Access trailmix.


Big thank you to the engineering teams who keep working on record access and sharing! Thank you to Anubha Dubey, for helping conduct the interviews on an improved admin experience, and to my manager, Cheryl Feldman, for her insights and partnership.

Permissions Updates

Permissions Updates | Learn MOAR Spring ’23

Author’s note: You likely noticed that the official announcement about the End of Life (EOL) of permissions on profiles was never sent out. We’ve decided to no longer enforce the End of Life of permissions on profiles for Spring ’26. We realized, thanks to all the Awesome Admin feedback we’ve received, that we first have […]

Release Highlights for Admins

Release Highlights for Admins | Learn MOAR Spring ’23

Join us and discover the new Spring ’23 release features for admins and developers. We know each release brings with it lots of amazing new functionality and there can be a lot to digest. With Learn MOAR, we’re packaging the release and bringing it to you in an easy-to-digest format with blogs, videos, and more. […]