This content describes an older version of this product.

RestrictionRule (Beta)

Represents a restriction rule that controls the access that specified users have to designated records. This type extends the Metadata metadata type and inherits its fullName field.

Where possible, we changed noninclusive terms to align with our company value of Equality. Because changing terms in our code can break current implementations, we maintained this metadata type’s name.

Important

This feature is a Beta Service. Customer may opt to try such Beta Service in its sole discretion. Any use of the Beta Service is subject to the applicable Beta Services Terms provided at Agreements and Terms.

File Suffix and Directory Location

RestrictionRule components have the suffix .rule and are stored in the restrictionRules folder.

Version

RestrictionRule components are available in API version 52.0 and later.

Special Access Rules

To enable restriction rules, contact Salesforce Customer Support. Only users with the Manage Sharing permission can create restriction rules.

Fields

Field Name: active
Field Type: boolean
Description: Indicates whether the rule is active (true) or not (false). The default value is false.

Field Name: description
Field Type: string
Description: Required. The description of the rule.

Field Name: enforcementType
Field Type: EnforcementType (enumeration of type string)
Description: Required. The type of rule. Valid values are:
  • FieldRestrict—Do not use.
  • Restrict—Restriction rule. Only this value is valid.
  • Scoping—Do not use.

Field Name: masterLabel
Field Type: string
Description: Required. The name of the rule.

Field Name: recordFilter
Field Type: string
Description: Required. The criteria that determine which records are accessible via the restriction rule.

Field Name: targetEntity
Field Type: string
Description: Required. The object for which you're creating the rule. Custom objects and the Contract, Event, and Task objects are supported. We recommend that you don’t edit this field after the restriction rule is created.

Field Name: userCriteria
Field Type: string
Description: Required. The users that this rule applies to, such as all active users or users with a specified role or profile.

Field Name: version
Field Type: int
Description: Required. The rule's version number.

Declarative Metadata Sample Definition

The following is an example of a RestrictionRule component.

<?xml version="1.0" encoding="UTF-8"?>
<RestrictionRule xmlns="http://soap.sforce.com/2006/04/metadata">
    <active>true</active>
    <description>Allows users with a specific profile to see only tasks that they own.</description>
    <enforcementType>Restrict</enforcementType>
    <masterLabel>Tasks You Own</masterLabel>
    <recordFilter>OwnerId = $User.Id</recordFilter>
    <targetEntity>Task</targetEntity>
    <userCriteria>$User.ProfileId = '005xxxxxxxxxxxx'</userCriteria>
    <version>1</version>
</RestrictionRule>

The following is an example package.xml that references the previous definition.

<?xml version="1.0" encoding="UTF-8"?>
<Package xmlns="http://soap.sforce.com/2006/04/metadata">
    <types>
        <members>*</members>
        <name>RestrictionRule</name>
    </types>
    <version>52.0</version>
</Package>

Usage

You can create up to two restriction rules per object in Enterprise and Developer Editions and up to five restriction rules per object in Performance and Unlimited Editions.

Create only one restriction rule per object per user. In other words, for a given object, at most one restriction rule should have its userCriteria field evaluate to true for a given user.
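
The following is an added example, not Salesforce code: a pre-deployment check in Python that lints .rule components against the constraints stated on this page (required fields, enforcementType of Restrict, the per-object limit by edition, and the one-rule-per-object-per-user guidance). The function names, file names, and sample rules are assumptions, and the overlap check only flags rules on the same object whose userCriteria text is identical; it does not evaluate the criteria.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
NS = "{http://soap.sforce.com/2006/04/metadata}"
REQUIRED = "description enforcementType masterLabel recordFilter targetEntity userCriteria version".split()
# Per-object rule limits by edition, as stated in the Usage section.
LIMITS = {"Enterprise": 2, "Developer": 2, "Performance": 5, "Unlimited": 5}

def parse_rule(xml_text):
    """Return the child elements of a RestrictionRule component as a dict."""
    root = ET.fromstring(xml_text)
    if root.tag != NS + "RestrictionRule":
        raise ValueError("not a RestrictionRule component")
    return {el.tag[len(NS):]: (el.text or "").strip() for el in root}

def lint_rules(files, edition="Enterprise"):
    """files maps file name to XML text; returns a sorted list of findings."""
    findings, by_object = [], defaultdict(list)
    for name, text in files.items():
        rule = parse_rule(text)
        for field in REQUIRED:
            if not rule.get(field):
                findings.append(f"{name}: missing required field {field}")
        if rule.get("enforcementType") not in (None, "", "Restrict"):
            findings.append(f"{name}: enforcementType must be Restrict")
        by_object[rule.get("targetEntity", "")].append((name, rule))
    for obj, rules in by_object.items():
        if len(rules) > LIMITS[edition]:
            findings.append(f"{obj}: {len(rules)} rules, {edition} limit is {LIMITS[edition]}")
        seen = {}  # whitespace-normalized userCriteria -> first file that used it
        for name, rule in rules:
            key = " ".join(rule.get("userCriteria", "").split())
            if key and key in seen:
                findings.append(f"{obj}: {seen[key]} and {name} share userCriteria")
            seen.setdefault(key, name)
    return sorted(findings)

def sample(**fields):  # builds a constructed .rule document from keyword fields
    body = "".join(f"<{k}>{v}</{k}>" for k, v in fields.items())
    return f'<RestrictionRule xmlns="{NS[1:-1]}">{body}</RestrictionRule>'

BASE = dict(description="d", masterLabel="m", recordFilter="OwnerId = $User.Id", targetEntity="Task", version="1")
SAMPLE = {  # constructed components; the ID is the placeholder used on this page
    "a.rule": sample(**BASE, enforcementType="Restrict", userCriteria="$User.ProfileId = '005xxxxxxxxxxxx'"),
    "b.rule": sample(**BASE, enforcementType="Restrict", userCriteria="$User.ProfileId  =  '005xxxxxxxxxxxx'"),
    "c.rule": sample(**BASE, enforcementType="Scoping", userCriteria="$User.IsActive = true"),
}

if __name__ == "__main__":
    print("\n".join(lint_rules(SAMPLE)))
```

Run it over the restrictionRules folder contents before deploying; pass the org's edition to apply the matching per-object limit.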

For more information on restriction rules, see the Restriction Rules Developer Guide (Beta).