Role Hierarchy in Salesforce
Every Salesforce org maintains a role hierarchy for the organization using Salesforce.
This role hierarchy defines the hierarchy of the users working in the organization.
Role Hierarchies can be used to extend the record access automatically so that a Manager will always have access to the same data as his/her employees regardless of the org-wide default settings.
Role hierarchies don’t have to match your org chart exactly. Instead, each role in the hierarchy should just represent a level of data access that a user or group of users need.
Depending on the organization’s sharing settings, roles can control the level of visibility that users have into the organization’s data. Users at any given role level can view, edit, and report on all data owned by or shared with users below them in the role hierarchy unless the organization’s sharing model for an object specifies otherwise.
Note:
- If the “Grant Access Using Hierarchies” option is disabled for a custom object then only record owners and users granted access by the organization-wide defaults have access to the object’s records. However users such as with the “View All” and “Modify All” object permissions and the “View All Data” and “Modify All Data” system permissions can still access records they do not own.
- “Grant Access Using Hierarchies” option is enabled for all objects and it can only be changed for custom objects.
Public Groups
A public group consists of a set of users. It can contain individual users, other groups, or the users in a particular role or territory plus all the users below that role and subordinates in the hierarchy.
Public groups are used more for sharing purposes. They are not the owner of the records but can share the records in terms of access. Public groups can be used across any object.
Here is where you can learn about Sharing Rules.