How can I set pages I built so that our clients can only see their entered data?

edited September 2018 in Questions
I have created a page where clients can enter data regarding contracts. When entering their account, the look up box allows them to see all the accounts we have in our salesforce system. Is there a way so that our clients are only allowed to see their accounts and sub accounts? There are many portal users so this fix would have to be a company/system wide solution, not limiting accounts and sub accounts using the render function. 

Comments

  • edited September 2018
    Update the Salesforce Sharing rules to be private.  Data security should be enforced at the data level.  Trying to handle security through Skuid's query leaves the door open for Salesforce's API to be used and there are a variety of tools out there that can mine data in Salesforce.
  • edited September 2018
    The account sharing rules have been set to private for internal and external.
  • edited September 2018
    You must have a rule opening it up.  Skuid won't pickup any records the user wouldn't already have access to natively in Salesforce.
  • Clark CreggClark Cregg ✭✭✭
    edited September 2018
    Hello James,

    John's statements regarding Skuid are correct. Skuid honors all Salesforce privacy/security settings, so there may be a rule somewhere allowing users to see other records.

    That said, there is also the option to add a "lookup filter" to the reference field. By using a lookup filter you can limit the records available in the reference. Depending on how these users are related to the accounts, this may be an option as well. Please see the linked Skuid Doc on this.

    https://docs.skuid.com/v10.0.4/en/skuid/fields/lookup-fields.html#add-filters-to-limit-the-available-options 

    Hope this helps!
Sign In or Register to comment.