RestrictionRule
File Suffix and Directory Location
RestrictionRule components have the suffix .rule and are stored in the restrictionRules folder.
Version
RestrictionRule components are available in API version 52.0 and later.
Special Access Rules
Only users with the View Restriction and Scoping Rules permission can view restriction rules and scoping rules via the API. Only users with the Manage Sharing permission can view, create, update, and delete restriction rules and scoping rules.
Fields
Field Name | Field Type | Description |
---|---|---|
active | boolean | Indicates whether the rule is active (true) or not (false). The default value is false. |
description | string | Required. The description of the rule. |
enforcementType | EnforcementType (enumeration of type string) | Required. The type of rule. Valid values are: |
masterLabel | string | Required. The name of the rule. |
recordFilter | string | Required. The criteria that determine which records are accessible via the rule. For picklist fields, you can use the OR operator to specify multiple values for a single picklist field. For example: OR(ISPICKVAL(Status,'Draft'), ISPICKVAL(Status,'Activated'), ISPICKVAL(Status,'Negotiating')). This enhancement applies to both restriction rules and scoping rules. Support for multiple picklist values using the OR operator is available in API version 60.0 and later. |
targetEntity | string | Required. The object for which you're creating the rule. We recommend that you don't edit this field after the rule is created. If enforcementType is set to Restrict, custom objects, external objects, and these objects are supported: If enforcementType is set to Scoping, custom objects and these objects are supported: |
userCriteria | string | Required. The users that this rule applies to, such as all active users or users with a specified role or profile. |
version | int | Required. The rule's version number. |
Declarative Metadata Sample Definition
The following is an example of a RestrictionRule component representing a restriction rule.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<RestrictionRule xmlns="http://soap.sforce.com/2006/04/metadata">
    <active>true</active>
    <description>Allows users with a specific profile to see only tasks that they own.</description>
    <enforcementType>Restrict</enforcementType>
    <masterLabel>Tasks You Own</masterLabel>
    <recordFilter>OwnerId = $User.Id</recordFilter>
    <targetEntity>Task</targetEntity>
    <userCriteria>$User.ProfileId = '00exxxxxxxxxxxx'</userCriteria>
    <version>1</version>
</RestrictionRule>
```
The following is an example of a RestrictionRule component representing a scoping rule.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<RestrictionRule xmlns="http://soap.sforce.com/2006/04/metadata">
    <active>true</active>
    <description>View tasks contacts from Department A.</description>
    <enforcementType>Scoping</enforcementType>
    <masterLabel>SR for Department A contacts</masterLabel>
    <recordFilter>Department=$User.Department</recordFilter>
    <targetEntity>Contact</targetEntity>
    <userCriteria>$User.UserRoleId = '00Exxxxxxxxxxxx'</userCriteria>
    <version>1</version>
</RestrictionRule>
```
The following is an example package.xml that references the previous definition.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<Package xmlns="http://soap.sforce.com/2006/04/metadata">
    <types>
        <members>*</members>
        <name>RestrictionRule</name>
    </types>
    <version>55.0</version>
</Package>
```
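A pre-deployment check for `.rule` files, built from the field table above; it is an added example, not Salesforce code. The function name `audit_rule`, the `KNOWN_TYPES` set (the two values that appear in this page's samples), and the sample rule are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://soap.sforce.com/2006/04/metadata}"
REQUIRED = ("description", "enforcementType", "masterLabel", "recordFilter",
            "targetEntity", "userCriteria", "version")
KNOWN_TYPES = {"Restrict", "Scoping"}  # assumption: the two values used on this page

def audit_rule(xml_text, package_api_version):
    """Return a list of findings for the text of one .rule file."""
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    if root.tag != NS + "RestrictionRule":
        return ["not a RestrictionRule component"]
    # Map each child element name (namespace stripped) to its trimmed text
    value = {child.tag[len(NS):]: (child.text or "").strip() for child in root}
    findings = [f"missing required field: {n}" for n in REQUIRED if not value.get(n)]
    etype = value.get("enforcementType")
    if etype and etype not in KNOWN_TYPES:
        findings.append(f"unexpected enforcementType: {etype}")
    # active defaults to false, so an omitted element leaves the rule inactive
    if value.get("active", "false") != "true":
        findings.append("rule is inactive")
    # Several picklist values combined with OR need API version 60.0 or later
    rf = value.get("recordFilter", "").upper().replace(" ", "")
    if rf.count("ISPICKVAL(") > 1 and "OR(" in rf and package_api_version < 60.0:
        findings.append("OR over picklist values requires API version 60.0 or later")
    return findings

# Constructed sample: no description, no active element, picklist OR filter
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<RestrictionRule xmlns="http://soap.sforce.com/2006/04/metadata">
    <enforcementType>Restrict</enforcementType>
    <masterLabel>Open Contracts</masterLabel>
    <recordFilter>OR(ISPICKVAL(Status,'Draft'), ISPICKVAL(Status,'Activated'))</recordFilter>
    <targetEntity>Contract</targetEntity>
    <userCriteria>$User.IsActive = true</userCriteria>
    <version>1</version>
</RestrictionRule>"""

if __name__ == "__main__":
    # 55.0 is the <version> declared in the package.xml sample above
    for finding in audit_rule(SAMPLE, 55.0):
        print(finding)
```

Pass the `<version>` from the package.xml that deploys the rule as `package_api_version`, so that a filter relying on the 60.0 picklist enhancement is caught before deployment.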