I have created a page where clients can enter data regarding contracts. When entering their account, the look up box allows them to see all the accounts we have in our salesforce system. Is there a way so that our clients are only allowed to see their accounts and sub accounts? There are many portal users so this fix would have to be a company/system wide solution, not limiting accounts and sub accounts using the render function.
Update the Salesforce Sharing rules to be private. Data security should be enforced at the data level. Trying to handle security through Skuid’s query leaves the door open for Salesforce’s API to be used and there are a variety of tools out there that can mine data in Salesforce.
The account sharing rules have been set to private for internal and external.
You must have a rule opening it up. Skuid won’t pickup any records the user wouldn’t already have access to natively in Salesforce.
Hello James,
John’s statements regarding Skuid are correct. Skuid honors all Salesforce privacy/security settings, so there may be a rule somewhere allowing users to see other records.
That said, there is also the option to add a “lookup filter” to the reference field. By using a lookup filter you can limit the records available in the reference. Depending on how these users are related to the accounts, this may be an option as well. Please see the linked Skuid Doc on this.
https://docs.skuid.com/v10.0.4/en/skuid/fields/lookup-fields.html#add-filters-to-limit-the-available-options
Hope this helps!
