Communities as a product has really started to flourish in recent releases. A handful of technologies have been brought together to make something awesome: Force.com Sites, legacy Customer and Partner Portals, App Builder, Site.com Studio, the Lightning framework, Chatter, and of course some core objects and even custom objects… there’s a lot going on.
I have been working with both Partner and Customer Community licenses lately; they are slightly different animals. One important difference is in the sharing of records.
Things you cannot do with a Customer Community (or Customer Community Login) license but can do with a Partner Community or Customer Community Plus license include:
- Share a record via the Role Hierarchy (high-volume licenses such as Customer Community do not have Roles)
- Share a record manually (via the “Share” button)
- Share a record via Apex/dynamic sharing (Seriously, you’ll get an error)
- Grant “Super User” Access to specific users
It’s that last bullet that was causing me grief recently. I wanted most Customer Community users to see Cases where they are the Contact, and some users to see any Cases on their Account, regardless of Contact. With no Super User function at my disposal, I found a surprisingly simple solution right under my nose by leveraging the one thing that Customer Community licenses have that the others do not… Sharing Sets!
Sharing Sets are kind of like if Criteria Based sharing and Lookup Filters had a baby… ok maybe that’s a confusing way to put it. They allow you to easily set a baseline such as “See all Cases where they are the Contact”, and other common scenarios. They have received some criticism for not being robust enough, but they are perfect for most typical use cases and in fact are pretty damn useful for solving our Super User conundrum, as it turns out.
You can only set one Sharing Set per Profile. So how can we have different Sharing for our Super Users? You guessed it… two Profiles. I’m a big fan of keeping your Profile list nice and small, but this was one spot where I was happy to have one additional Profile instead of coding up some special page to display records as needed (yeah, that was the fallback and it would have been ugly).
All we do is create one “Customer User” Profile and one “Customer Super User” Profile. In my example, I was trying to share Cases at a Contact level, except that Super Users can see any Case on the Account, regardless of who submitted it. You could extend this concept beyond Cases, though, to include other objects. Two Profiles, each with its own Sharing Set. Done!
Well… actually then you want to give some thought to how this Super User Profile will be provisioned. In my case I am using Single Sign-On, which provisions users on the spot and conditionally assigns one of the two Profiles, but you could assign them in any number of other ways.
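Because the Profile now decides who sees account-wide Cases, it is worth reviewing who ends up on the Super User Profile. The following is an added example, not code from this post or from Salesforce: a small Python model of the two Sharing Sets, plus a check of Super User assignments against an approved list. The field names, the approved list and the sample records are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Profile names come from the post; the field each one matches on models its Sharing Set.
SHARING_SETS = {
    "Customer User": "contact_id",        # Case.Contact == User.Contact
    "Customer Super User": "account_id",  # Case.Account == User.Account
}

@dataclass(frozen=True)
class User:
    username: str
    profile: str
    contact_id: str
    account_id: str

@dataclass(frozen=True)
class Case:
    number: str
    contact_id: str
    account_id: str

def visible_cases(user, cases):
    """Case numbers the user's Sharing Set grants; unknown Profiles get nothing."""
    field = SHARING_SETS.get(user.profile)
    if field is None:
        return []
    return [c.number for c in cases if getattr(c, field) == getattr(user, field)]

def unapproved_super_users(users, approved):
    """Usernames on the Super User Profile that are missing from the approved list."""
    return sorted(u.username for u in users
                  if u.profile == "Customer Super User" and u.username not in approved)

# Constructed sample data (not from a real org).
USERS = [
    User("ann@acme.example", "Customer User", "C1", "A1"),
    User("bob@acme.example", "Customer Super User", "C2", "A1"),
    User("eve@acme.example", "Customer Super User", "C3", "A1"),
]
CASES = [Case("0001", "C1", "A1"), Case("0002", "C2", "A1"), Case("0003", "C9", "A2")]
APPROVED = {"bob@acme.example"}  # hypothetical list kept by whoever owns the SSO mapping

if __name__ == "__main__":
    for u in USERS:
        print(u.username, u.profile, visible_cases(u, CASES))
    print("unapproved super users:", unapproved_super_users(USERS, APPROVED))
```

In a real org the user list would come from an export of community users with their Profile, Contact and Account, compared against whatever source drives the SSO profile assignment.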
Need more flexibility? Only want to share *some* records based on the Contact or Account? If you can handle a few lines of code, check out my post on Advanced Community Sharing via Sharing Sets.