A sales manager wants to edit the opportunities owned by the sales team. The manager does NOT have Edit access to the Opportunity object.
What is a recommended solution?
A sales manager wants to edit the opportunities owned by the sales team. The manager does NOT have Edit access to the Opportunity object.
What is a recommended solution?
To allow the sales manager to edit opportunities without having Edit access to the Opportunity object, the most appropriate solution is to create a permission set that grants Opportunity Edit access and assign it to the sales manager's user record. Changing the organization-wide default settings to Public Read/Write would expose all opportunities to unnecessary access, and redefining the role hierarchy would not be effective if the manager lacks object-level access. Enabling team selling also wouldn't suffice without the necessary object-level permissions. Therefore, assigning a permission set is the recommended approach to achieve the desired capabilities while maintaining security and control.
The sales manager needs an object level permission which either is controlled by profile settings or a permission set.... if the sales manager has a profile without Edit rights on the opportunity object, when they get access to a record they do not own (from one of their subordinates via sharing rules), they still wont be able to edit the record.
Should not B be the right answer since the sales manager only wants to edit/view records of his own team?
Sharing (records) settings would be effective only if object level access is there.
I agree. The manager needs the object-level access first. The correct answer is 'D'
Incorrect "Users always have access to data owned by or shared with their subordinates in the role hierarchy, regardless of the org-wide default settings. The only exception is for custom objects, for which you can disable access using hierarchies" from https://trailhead.salesforce.com/content/learn/modules/data_security/data_security_roles
The manager needs the edit access for only the sales team's records, not for every opportunity record. Answer B
I guess this is particularly for the Sales manager user. So, no need for granting access using hierarchy. Just give that person access
B:Users at any given role level can view, edit, and report on all data owned by or shared with users below them in the role hierarchy, unless your sharing model for an object specifies otherwise. Specifically, in the Organization-Wide Defaults related list, if the Grant Access Using Hierarchies option is disabled for a custom object, only the record owner and users granted access by the org-wide defaults receive access to the object's records. https://trailhead.salesforce.com/content/learn/modules/data_security/data_security_roles
It must be "D". Object Level Access is needed. A is not wrong but not to optimal solution B is wrong as even with role hierarchy no Edit permission can be granted if not already granted via object or org-wide defaults.