Roles control the level of visibility a user has into your organization's data.
Depending on your sharing settings, roles can control the level of visibility that users have into your organization’s data. Users at any given role level can view, edit, and report on all data owned by or shared with users below them in the hierarchy, unless your organization’s sharing model for an object specifies otherwise. Specifically, in the Organization-Wide Defaults related list, if the Grant Access Using Hierarchies option is disabled for a custom object, only the record owner and users granted access by the organization-wide defaults receive access to the object's records.
Users that require visibility to the entire organization should be assigned the highest level in the hierarchy, for example, Executive Staff.
In general, within a role hierarchy someone in a higher role can see records owned by users in a role below them. Those in roles below, need access to records owned by someone above them, this can be accomplished with adjustments to the Sharing Settings.
NOTE – At the very least, ensure that you have a profile called Full Access under the root of the hierarchy to add all your users to. More complex role assignments can be added
Show in sorted list view
See a list that you can sort alphabetically by role name, parent role (Reports to), or report display name. If your organization has a large number of roles, use this view for easy navigation and filtering.
To show a filtered list of items, select a predefined list from the View drop-down list, or click Create New View to define your own custom view.
To edit or delete any view you created, select it from the View drop-down list and click Edit.
Role related list
In the Users in Role related list:
To assign a user to the role, click Assign Users to Role.
To add a user to your organization, click New User.
To modify user information, click Edit next to a user name.
To view a user's details, click the user's full name, alias, or username.
NOTE: When Active is selected, the user can log into Salesforce.
~ Deactivated users, such as employees who are no longer with your company, cannot log in to Salesforce.
NOTE: Removing a user from the Selected Users list deletes the role assignment for that user.
Notes on Roles
- Every user must be assigned to a role, or their data will not display in opportunity reports, forecast roll-ups, and other displays based on roles.
- All users that require visibility to the entire organization should belong to the highest level in the hierarchy.
- It is not necessary to create individual roles for each title at your company, rather you may want to define a hierarchy of roles to control access of information entered by users in lower level roles.
- When you change a user’s role, any relevant sharing rules are evaluated to add or remove access as necessary.
- When an account owner is not assigned a role, the sharing access for related contacts is Read/Write, provided the organization-wide default for contacts is not Controlled by Parent. Sharing access on related opportunities and cases is No Access.
- Users that gain access to data due to their position in hierarchies do so based on a setting in your organization-wide defaults.
Full explanation of security and roles is beyond the context of this lesson.
For more detailed information See Force.com's: Overview of Roles