Skip to main content

User role hierarchy with record sharing rules

Use record sharing rules to model a user hierarchy in Mapsly. Start with the base object and field permissions in the profile, then add sharing rules to grant additional access to records at lower levels of the hierarchy.

Written by Sergey Shurygin

How it works:

Profiles define the default owner and non-owner access.

Record sharing rules add access when a record matches a condition.

Access can be granted as Hide, View, Modify, or per field.

When multiple rules apply, Mapsly uses the higher access level for each field.

How to set it up:

  1. Map out your hierarchy levels. E.g., Sales Rep → Sales Manager → Regional Manager.

  2. Pick the record field that reflects that hierarchy — Owner, Territory, Team, Region, or a custom field.

  3. Set base permissions on the profile first. This is the floor everyone starts from — sharing rules only add to it, never replace it.

  4. Enable record sharing rules on the entity.

  5. Create a rule that matches records owned by lower-level users, or belonging to a lower-level territory/team.

  6. Set the rule's access level — View or Modify, typically.

  7. Add more rules for other levels or record subsets that need a different access pattern.

  8. Limit to specific fields, if the rule shouldn't expose the whole record.

  9. Test with a user at each hierarchy level to confirm the result matches your design.

Example

Level

Access

How

Sales Rep

Edit own accounts

Base profile permission

Sales Manager

View accounts owned by reps

Rule: rep-owned records → View

Regional Manager

Modify accounts in their region

Rule: region-based records → Modify

Take an account owned by a rep in the North region: the manager's rule grants View, the regional manager's rule grants Modify. Mapsly combines both rules per field and keeps the highest level — so the regional manager ends up with Modify on that record, even though two separate rules applied to it.

Notes

  • Sharing rules add access — they never lower what a user already has.

  • If a user's access is already higher than a rule would grant, that rule simply has no effect for them.

  • The same record can match multiple rules at once. The resulting access is resolved per field, not per record.

See also


Did this answer your question?