1. 🌍 Global Read-Only
Allow all authenticated users to read all records. No write access.
EXAMPLE:
Access: Global
Privileges: Read
2. 👤 Contact Scope CRUD
Users can create/read/update/delete only records related to their contact.
EXAMPLE:
Access: Contact
Privileges: Read, Write, Create, Delete
3. 🏢 Account Scope Read
Users see records associated to their account (organization-wide visibility).
EXAMPLE:
Access: Account
Privileges: Read
4. 🔒 Self-Only Access
Users can only read/update their own Contact record. Most restrictive.
EXAMPLE:
Access: Self
Privileges: Read, Write
5. 🔗 Parent-Child Relationship
Access child records via parent table permission. Clean & scalable pattern.
EXAMPLE:
Parent: Case (Contact)
Child: Note (via regardingobjectid)
6. 👁️ Anonymous Public Access
Allow unauthenticated users to read public records. Use with caution!
EXAMPLE:
Web Role: Anonymous
Access: Global, Read only
7. ➕ Create-Only Permission
Users can create records but cannot read them back. Useful for submissions.
EXAMPLE:
Access: Global
Privileges: Create only
8. 📎 Read + Append Pattern
Allow users to read records and append related records (e.g., add notes to cases).
EXAMPLE:
Privileges: Read, Append
Parent: Case → Child: Note
9. 🎯 Multi-Level Parent Scope
Chain permissions across 3+ levels (Contact → Case → Note → Attachment).
EXAMPLE:
Contact → Case
Case → Note → Attachment
10. 🏛️ Account Hierarchy Access
Enable hierarchy security to grant access to parent/child accounts.
EXAMPLE:
Parent Account permissions cascade to child accounts
11. 👥 Role-Based Read/Write Split
Different web roles get different privileges (Admins: CRUD, Users: Read).
EXAMPLE:
Admin Role: Read, Write, Delete
User Role: Read only
12. 🔗 Append To Relationship
Allow linking records to parent records (opposite of Append).
EXAMPLE:
Privilege: AppendTo
Link Note to existing Case
13. 🚫 No Delete Policy
Grant Read/Write/Create but never Delete. Preserve data integrity.
EXAMPLE:
Privileges: Read, Write, Create
(Delete intentionally omitted)
14. 🔓 Read-Only for Anonymous, CRUD for Authenticated
The public can browse; logged-in users can interact fully.
EXAMPLE:
Anonymous: Read
Authenticated: Read, Write, Create
15. ⚠️ Polymorphic Lookup Workaround
Polymorphic lookups are not supported. Use separate permissions per entity type.
EXAMPLE:
Instead of regardingobjectid, use case-specific lookups