Newer Version Available
Overriding Sharing with Object Permissions
Believe it or not, we already delegated a few administrative responsibilities a few pages ago when we created the Recruiter permission set. If you go back to that section, you'll see that we selected the “View All” and “Modify All' object permissions for job postings and employment websites. As you might expect, “View All” lets users view all of the records of that object, while “Modify All” lets users read, edit, and delete all of the records of that object. So how does selecting these permissions differ from just selecting the “Create,” “Read,” “Edit,” and “Delete” permissions individually? And how do “View All” and “Modify All” help you delegate administration?
You may wonder if the “View All” and “Modify All” object permissions are similar to the ���View All Data” and “Modify All Data” global permissions. It’s true that they all ignore the sharing model, hierarchy, and sharing rules, but bear in mind that object permissions only apply to records of a specific object, whereas global permissions apply to records of every object in your organization. As a rule of thumb, when global administration permissions are too permissive for a particular user, use the object permissions instead to control data access on an object-by-object basis.
Because we already applied object permissions when we created the Recruiter permission set, there's no need to walk through the process again here; however, you can probably imagine other ways in which the “View All” and “Modify All” permissions might be useful for this app. For example, as we discussed before, certain laws may require your company to keep all position, candidate, and job application records for a specific amount of time. This law is why we opted not to give recruiters the ability to delete those records. When that legal time limit expires, though, your company may want to hire a contractor who specializes in data cleansing to remove old recruiting data from the system. By creating a permission set with the “Modify All” object permission on positions, candidates, and job applications, you can quickly give the contractor the permissions needed to get the job done without exposing the rest of your company's data.