Are user roles working?

I have set the role Sales User to “Only if owner” for Leads and Opportunities.

A user that has only the Sales User role sees no Leads (correct/expected)
but sees some Opportunities (strange).

Is this a bug?

-Peter

@PeterDF does this user have Opportunities and Leads created by him?

@max_morais_dmm No, not yet, so they shouldn’t see anything yet

@PeterDF, can you share some screenshots?

Yes, I am attaching screenshots. This is a very serious information security problem.

The user PeterTest (role: Sales User) should not see any Leads, Opportunities or Contacts, because he has not created any yet.

Also, after dismissing an error like “No permission to read Lead LEAD-00057”, the user actually gets full read access to that record.

@max_morais_dmm

@rushabh_mehta Has anyone else reported a solution for this issue? For us it’s a major security concern — we cannot allow every user to see others’ confidential data.

UPDATE: For anyone else who experiences this problem, under Sales User I unchecked “Apply User Permissions” for Opportunity and then for Contact and this fixed the problem — now the sales user should only see their own data.

I don’t really understand what “Apply User Permissions” is for or how it works…

@PeterDF Sorry, the permission is a bit complex.

You have to check “Apply User Permissions” for all documents that you want restricted.

@rmehta Don’t you mean uncheck “Apply User Permissions” for all documents that you want restricted?

In my test case, when “Apply User Permissions” is checked the user has access to documents they do not own.