Matching and Custom Sharing Rule

Hi Team,

Can you please help me understand the difference between Matching and Custom Sharing Rules in object-level security?

I have read the Vault Help documentation but still could not figure out the difference.

Also, can you please tell me when to use which sharing rule?

Thanks!

Pranil

1 comment

  • Bram Seigers

    Hi Pranil,

    I look at the difference like this.

    Custom Sharing Rules are object-specific and are more comparable to the security setup you have with documents.
    You select user groups or single users that have specific roles (owner, editor, viewer or custom roles) on all object records of the applicable object.
    If needed, you can go one level deeper and, using a VQL criteria, indicate for which records the setup applies.

    Matching Sharing Rules are the real Dynamic Access Control, where you assign users a role using a separate User Role Setup object.
    It matches the rules/fields you have defined in the User Role Setup with the fields referenced on the object.
    If I have a user role setup which indicates that I have the role editor for records with the country Belgium, I would need to set up a user role setup record with the following fields: Role: Editor, User: bram.seigers@domain.com and Country: Belgium. On the object where you want to use the security, you would set up a matching sharing rule to look at the role - country combination in the user role setup object. I would then get access as an editor for all object records for which the country is Belgium.

    Matching Sharing Rules are more fleshed out and can suit the need if you need field-driven, dynamic security. Using a separate user role setup object to set the security also allows the same setup to be easily reused in other objects. Custom Sharing Rules are easier to set up initially but are limited to that one object, unless you configure the same in another object. Custom Sharing Rules are a one-off exercise: once set up, you only need to manage the user groups used to extend or limit the security. For Matching Sharing Rules there is ongoing maintenance needed, since it is per user that you need to manage a user role setup record based on the security they need. Also, if you want to use multiple Matching Sharing Rules, you can end up with multiple user role setup records per user. If you have a few users it is manageable, but an increasing number of users involved increases complexity.

    I hope this helps!

    Kind Regards,

    Bram
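
A simplified model of the two rule types described in the answer above, as an added example that is not part of the original thread and is not Vault code or its API. The class names, the object names `product` and `study`, the `status` field and the second user are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Simplified model for illustration only; not Vault code or its API.

@dataclass
class CustomSharingRule:          # role for named users on one object's records
    object_name: str
    role: str
    members: set                  # users, with any groups already expanded
    criteria: Optional[Callable[[dict], bool]] = None  # stands in for the VQL criteria

@dataclass
class UserRoleSetup:              # one record per user/role/field combination
    user: str
    role: str
    fields: dict                  # e.g. {"country": "Belgium"}

@dataclass
class MatchingSharingRule:        # compares User Role Setup fields with record fields
    object_name: str
    role: str
    match_fields: tuple

def roles_for(user, object_name, record, custom_rules, matching_rules, setups):
    """Return the set of roles `user` holds on `record` of `object_name`."""
    roles = set()
    for rule in custom_rules:
        if (rule.object_name == object_name and user in rule.members
                and (rule.criteria is None or rule.criteria(record))):
            roles.add(rule.role)
    for rule in matching_rules:
        if rule.object_name != object_name:
            continue
        for s in setups:
            # Every matched field must be present on both sides and equal.
            if s.user == user and s.role == rule.role and all(
                    f in s.fields and f in record and s.fields[f] == record[f]
                    for f in rule.match_fields):
                roles.add(rule.role)
    return roles

# Constructed sample data (object names and the second user are hypothetical).
BRAM = "bram.seigers@domain.com"
SETUPS = [UserRoleSetup(BRAM, "editor", {"country": "Belgium"})]
MATCHING = [MatchingSharingRule(obj, "editor", ("country",)) for obj in ("product", "study")]
CUSTOM = [CustomSharingRule("product", "viewer", {"viewer@example.com"},
                            criteria=lambda rec: rec.get("status") == "active")]
```

One User Role Setup record grants the editor role on both objects that carry the matching rule, while the custom rule's viewer role stays confined to the single object it was configured on.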
