Access rights need to be assigned at the object level based on roles.
Our requirement is two-fold:
- Assign permissions to specific roles, and
- Assign permissions to specific users within a role, based on certain filter conditions.
For example:
- The X role has role-based permissions, but these permissions must be overridden for certain users within the same role based on filters.
- For other roles like Y, all users in that role should have access to the records without any additional filtering.
We already have a business process that manages this logic, but the challenge is the large volume of records. Whenever we add a new role to the permission set, we must update the object-level permissions again. This unintentionally exposes all existing records to all users in the X role.
To correct this, we must re-run our business processes on all existing records to ensure that only the intended X users retain access, not everyone in the role. This becomes a very manual and time-consuming activity each time any permission change is required.
We would like guidance on how to achieve this more efficiently, ideally through customization, given the volume of records involved.