Narrow Search

Can't find what you need?
Contact Us

Reset Search
    Search Knowledge Base

Manage Record Access with the Role Hierarchy

« Go Back


Previous: Determine Object Access

Depending on your sharing settings, roles can control the level of visibility that users have into your organization's data. Users at any given role level can view, edit, and report on all data owned by or shared with users below them in the hierarchy, unless your organization's sharing model for an object specifies otherwise. Specifically, in the Organization-Wide Defaults related list, if the Grant Access Using Hierarchies option is disabled for a custom object, only the record owner and users granted access by the organization-wide defaults receive access to the object's records.

Working with Roles

To view and manage your organization's roles, from Setup, click Manage Users | Roles.

  • Choose one of the following list view options:
  • Show in tree view
    • See a visual representation of the parent-child relationships between your roles. Click Expand All to see all roles, or Collapse All to see only top-level roles. To expand or collapse an individual node, click the plus (+) or minus (-) icon.
  • Show in sorted list view
    • See a list that you can sort alphabetically by role name, parent role (Reports to), or report display name. If your organization has a large number of roles, use this view for easy navigation and filtering.
    • To show a filtered list of items, select a predefined list from the View drop-down list, or click Create New View to define your own custom views. To edit or delete any view you created, select it from the View drop-down list and click Edit.
  • Show in list view
    • See a list of roles and their children, grouped alphabetically by the name of the top-level role. The columns are not sortable. This view is not available for hierarchies with more than 1,000 roles.
  • To create a role, click New Role or Add Role, depending whether you are viewing the list view or tree view of roles, then edit the role fields as needed. You can create up to 500 roles for your organization.
  • To edit a role, click Edit next to a role name, then update the role fields as needed.
  • To delete a role, click Delete next to the role name.
  • To assign other users to a role, click Assign next to the role name.
  • To view detailed information about a role, click a role name. If you are a Salesforce Knowledge user, you can modify category visibility settings on the role detail page.


  • To simplify user management in organizations with large numbers of users, enable delegated administrators to manage users in specified roles and all subordinate roles.

Notes on Roles

  • Every user must be assigned to a role, or their data will not display in opportunity reports, forecast roll-ups, and other displays based on roles. If your organization uses territory management, forecasts are based on the territory hierarchy rather than the role hierarchy.
  • All users that require visibility to the entire organization should belong to the highest level in the hierarchy.
  • It is not necessary to create individual roles for each title at your company, rather you want to define a hierarchy of roles to control access of information entered by users in lower level roles.
  • When you change a user's role, any relevant sharing rules are evaluated to add or remove access as necessary.
  • When an account owner is not assigned a role, the sharing access for related contacts is Read/Write, provided the organization-wide default for contacts is not Controlled by Parent. Sharing access on related opportunities and cases is No Access.
  • To avoid performance issues, a single user shouldn't own more than 10,000 records of an object. In this case, we recommend that the user is not assigned to a role. If you must do so, place the user in a separate role at the top of the hierarchy and avoid moving the user out of that top-level role. Furthermore, keep the user out of public groups that could be used as the source for sharing rules.


Next: Manage Field-Level Security



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255