Sunday, May 14, 2017

Important Things to Consider for Record Access while Designing Large Scale Applications

As we already know through Organization wide default, record access to different users in system can be controlled. Apart from OWD, user can get record access through role, being a part of public group with which record is shared, territories etc. In order to control access of records, Salesforce maintain record sharing data and recalculate the sharing when any changes happen to role, territory, public group etc. For end user, changing user's role is simple operation but at the back end, Salesforce has to perform all record sharing recalculation based on user's new role.

Lets discuss all this in details. First we will start with Database Architecture. Salesforce maintains 3 types of tables as mentioned below:

  • Object Record Table
These are the tables which stores records of specific object and indicate which user or queue owns each record.
  • Object Sharing Table
If OWD of any object is public read only or private, the Salesforce create share table for that object.This table store information about record access for all users which is shared by explicit grant (shared with user or group) or implicit grant (built in sharing like access to child opportunity, cases if you have access to account record).
  • Group Maintenance Tables
This table stores list of users or groups that belong to each group indicating group membership. Suppose a record is shared with group, then Salesforce check group maintenance table to identify which all users inherit access to that record (either through role hierarchy, group membership or through territories).

So when Salesforce has to find out that if user has access to record, then it perform join between three tables to identify record access for user. If user is owner of record, then it will display that record. If not it will check object sharing table and group maintenance table to find users access to record.

Salesforce Role hierarchy, public groups and territories are closely connected with sharing rules and security features. Suppose an user owns more than 10,000 records and now admin just changed this role. Now salesforce need to remove access to all these records for all user which are having higher role than user's previous role and need to provide access to all user's in higher role than new user's new role. So Salesforce has to recalculate the record access and sometimes it may take more time.

In order to handle these scenarios, Salesforce provide few tools which can be used to avoid these issues caused by user realignment either through roles, territory or public groups:

  • Parallel Sharing Rule Calculation
Whenever admin changes user's role or change group membership or create, edit or delete sharing rules, then recalculation for record access happens synchronously. So when any of these changes affects access right to large number of records, the recalculation job take longer time. If any Salesforce perform any activity at this time like patch release or upgrade, then recalculation jobs get killed. In this scenrio, consider parallel Sharing Rule calculation. This will split the job in multiple threads which will run asynchronously and if Salesforce perform any activity, these jobs will resume after salesforce activity.

Contact Salesforce in order to enable this feature.
  • Deferred Sharing Maintenance
Suppose you have rebuild the role hierarchy and group membership, the sharing recalculation may take significant time. In this kind of scenarios, you can enable deferred sharing which will allow admins to switch off of sharing recalculation and perform all role and group membership changes and then switch on sharing calculation. After switching on sharing calculation, admin has to start recalculation of all sharing rules for accurate user access rights.

Remenber deferred sharing doesnot stop sharing recalculation due to implicit sharing.
Contact Salesforce in order to enable this feature.
  • Granular locking
Whenever any change is performed to roles or group, Salesforce locks entire Group membership table to protect data integrity. This will make impossible to perform group membership changes. Consider a scenario in which your users are facing frequent record locking error and restrict their ability to manage manual and automatic update at same time or degrade the group maintenance updates, then enable Granular Locking feature.

If Granular locking feature is enabled then system will lock portion of records instead of locking entire Group maintenance table. This allow multiple update simultaneously if there is no hierarchical or other relationship between the roles and groups involved in the update.

You need to contact Salesforce to enable Granular locking feature.


More Blogs>>: 
DYNAMIC APEX IN SALESFORCE
SOQL INJECTION IN SOQL
CUSTOM METADATA AND CUSTOM SETTINGS IMPLEMENTATION TRICKS
SMART TABLE USING ANGULARJS IN VISUALFORCE PAGE
REST API TUTORIAL FOR SALESFORCE
VISUALFORCE COMPONENT FOR RECORD STATUS BAR
DYNAMICALLY CREATING AND DESTROYING LIGHTNING COMPONENTS    
RAISING AND HANDLING CUSTOM EVENTS IN sALESFORCE lIGHTNING    
WHY TO USE DESIGN RESOURCE AND HOW TO ADD DYNAMIC OPTION TO DATASOURCE    
PASSING INNER WRAPPER CLASS TO LIGHTNING COMPONENT    
LIGHTNING COMPONENT FOR RECORDTYPE SELECTION FOR ANY SOBJECT    

27 comments:

  1. The blog is clear demonstration of the fact that, you can’t compromise with the quality.
    resumeyard.com

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete
  3. thank your valuable content.we are very thankful to you.one of the recommended blog.which is very useful to new learners and professionals.content is very useful for hadoop learners


    Best Spring Classroom Training Institute
    Best Devops Classroom Training Institute
    Best Corejava Classroom Training Institute
    Best Advanced Classroom Training Institute
    Best Hadoop Training Institute
    Best PHP Training Institute

    ReplyDelete
  4. In the event that your organization is diminished to a second or third page section you'll lose a lot of traffic, as individuals normally select connections from the main page. Webdesign

    ReplyDelete
  5. Pretty amazing work on the author's part and This blog is a five star work.www.canvasprints.com

    ReplyDelete
  6. Thank you for sharing this useful article with us. This blog is a very helpful to me in future. Keep sharing informative articles with us.

    https://www.ahmedabadcomputereducation.com/course/laravel-training-course/

    ReplyDelete
  7. Great sources for knowledge. Thank you for sharing this helpful article. It is very useful for me.

    https://www.ahmedabadcomputereducation.com/course/laravel-training-course/

    ReplyDelete
  8. Thank you for sharing this useful article with us. This blog is a very helpful to me. Keep sharing informative articles with us.

    https://www.sdsfin.in/services/project-finance-consultants-in-ahmedabad/

    ReplyDelete
  9. Awesome content for reading as well as knowledge. Thank you for sharing this informative article with us.

    https://www.sdsfin.in/about-us/

    ReplyDelete
  10. That would seem wholly great. Every one compact info are designed coupled with number of track record comprehension. Everyone loves the following a lot. mobile app development company

    ReplyDelete
  11. It's a very informative blog and I am exactly looking for this type of blog. Thank you for sharing this beautiful blog.

    https://superurecoat.com/titanium-iso-propoxide/

    ReplyDelete
  12. I am really happy to say it’s an interesting post to read . I learn new information from your article , you are doing a great job . Keep it up





    ReplyDelete
  13. If you are able to rely on personal referrals or word of mouth, this is likely to offer the most efficient way of locating a reliable web design service. But, if you don't have this opportunity you can use the Internet to search for the companies that seemed to be offering the type of design service you require. You might wish to look at the locally based companies or outsource overseas for getting the right service. If you are able to find positive comments next to a company's name when conducting the research this is likely to be a good indication that you have located a reliable Web Design Company Toronto

    ReplyDelete
  14. Thank you so much for sharing such a good post. I would like to share some information about Offshore software development company. If you looking for mobile app development and want to Hire Android App Developers, Hire ASP DOT NET Developers and hire Python Developers . you can contact with us.

    ReplyDelete
  15. Great sources for knowledge. Thank you for sharing this helpful article Tubidy. It is very useful for me.

    ReplyDelete
  16. What a nice presentation of this website , full of praise , Know also Bhasm Aarti Mahakaal Facts

    ReplyDelete
  17. What is Crime Hindi
    Amazing Website and nice blog thanks for sharing

    ReplyDelete
  18. Great information Thank you.

    ELearn Infotech offers Java Training in Hyderabad by Industry Experts. Our realtime Java Course includes from Basic to Advanced Level concepts. We have designed our Java course content based on students Requirement to Achieve their Goal. We offer both Java classroom training in Hyderabad and Java online training with real-time projects. We are one of the leading Java Training Institutes in Hyderabad.

    ReplyDelete