Compliant Data Sharing: Advanced Data Sharing Configuration to Improve Compliance (GA)
Where: This change applies to Lightning Experience in Professional, Enterprise, and Unlimited editions where Financial Services Cloud is enabled.
Why: Financial services firms want to follow privacy regulations and company data sharing policies when sharing client or deal data that contains confidential or material nonpublic information. Such data should be accessible only to users who need it based on their role regarding a specific client or deal.
Compliant Data Sharing (CDS) features make it easier to control who can access specific records. CDS works seamlessly with existing Salesforce data sharing features. It provides extra access rules, but otherwise does not override sharing behavior from existing features.
How: First, clone the Financial Services Cloud Extension permission set. Add the user permissions Configure Compliant Data Sharing and Use Compliant Data Sharing to the cloned permission set. Assign the permission set to users or user profiles that require access to Compliant Data Sharing.
To enable CDS features for specific objects, go to Compliant Data Sharing > Object Enablement Settings in Setup. Select the objects that would benefit from enhanced data sharing rules. As of the Winter ’21 release, CDS can be applied to Account and Opportunity objects.
Also in Setup, define Participant Roles for each object. A Participant Role defines the access level for any user assigned to that role for a specific record. For example, a Senior Banker role can get full Read/Write access to an opportunity record, while an Associate role gets Read Only access.
Add the Account Participant related list to account page layouts, and the Opportunity Participant related list to opportunity page layouts. Manage sharing assignments in the participant related list for each object. For example, the Account Participant related list lets users assign people to roles for a specific account record. When a user is assigned to a role, they get record access based on the role’s default access level.
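The role-to-access model described above can be reviewed offline. The following is an added example, not Salesforce code: it audits a constructed list of participant assignments against the role definitions and flags assignments that cannot grant access as intended. The dictionary keys, record names, user names, and the "Relationship Manager" and "Analyst" roles are hypothetical, and taking the highest level when a user holds two roles on one record is an assumption.

```python
# Constructed sample data. Key names are hypothetical, not Salesforce API fields.
CDS_ENABLED_OBJECTS = {"Account", "Opportunity"}  # objects named on the page
ACCESS_RANK = {"Read Only": 1, "Read/Write": 2}

ROLES = {
    "Senior Banker": {"object": "Opportunity", "access": "Read/Write"},
    "Associate": {"object": "Opportunity", "access": "Read Only"},
    "Relationship Manager": {"object": "Account", "access": "Read/Write"},
}

ASSIGNMENTS = [
    {"record": "Opp-001", "object": "Opportunity", "user": "alice", "role": "Senior Banker"},
    {"record": "Opp-001", "object": "Opportunity", "user": "bob", "role": "Associate"},
    {"record": "Opp-001", "object": "Opportunity", "user": "bob", "role": "Senior Banker"},
    {"record": "Acc-001", "object": "Account", "user": "carol", "role": "Associate"},
    {"record": "Case-001", "object": "Case", "user": "dave", "role": "Associate"},
    {"record": "Acc-002", "object": "Account", "user": "erin", "role": "Analyst"},
]


def audit(assignments, roles, enabled=CDS_ENABLED_OBJECTS):
    """Return (access, findings).

    access maps (record, user) to the highest level granted by a valid role
    (assumption: multiple roles on one record resolve to the highest level).
    findings lists (record, user, reason) for assignments that are invalid.
    """
    access, findings = {}, []
    for a in assignments:
        role = roles.get(a["role"])
        if a["object"] not in enabled:
            findings.append((a["record"], a["user"], "object not enabled for CDS"))
        elif role is None:
            findings.append((a["record"], a["user"], "undefined participant role"))
        elif role["object"] != a["object"]:
            findings.append((a["record"], a["user"], "role defined for another object"))
        else:
            key = (a["record"], a["user"])
            held = access.get(key)
            if held is None or ACCESS_RANK[role["access"]] > ACCESS_RANK[held]:
                access[key] = role["access"]
    return access, findings


if __name__ == "__main__":
    granted, problems = audit(ASSIGNMENTS, ROLES)
    for (record, user), level in sorted(granted.items()):
        print(f"{record}: {user} -> {level}")
    for record, user, reason in problems:
        print(f"FINDING {record}: {user}: {reason}")
```

A user who appears under two roles on the same record, such as bob here, is worth a manual review, because the lower role no longer limits that user's access.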