Relationship-based permissions
You can use a relationship between a user or a portal user and records to give that user access to related records only, rather than to all records of that type.
You can assign permissions through relationships when editing object-related permissions, or you can navigate to them from the Permissions link in the Relationships section.
Consider the following example: you want to limit the access of users in the Account Manager role to Order records, so that users in that role can view, edit, and delete only the records that they own, while any user in that role can create records. There is a one-to-many relationship between User and Order, and the relationship is named Owner. To achieve this, specify the following permissions:
- On the Account Manager role: Create
- On the Owner relationship: View, Edit and Delete
For dependent records, such as Order Line Items in the example above, use role-based permissions. This strategy works because the user can only access these dependent records through the parent record, access to which is controlled through the relationship.
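
The permission split in the example above can be modelled as a small access check. This is an added illustration, not the platform's own code or API; the function names, the sample users, and the exact role permissions granted on Order Line Item are assumptions.

```python
from dataclasses import dataclass, field

# Constructed permission tables mirroring the example above.
# Role-based grants apply to every record of the object type.
ROLE_PERMS = {
    ("Account Manager", "Order"): {"create"},
    # Assumption: the role gets full access to the dependent object.
    ("Account Manager", "Order Line Item"): {"view", "create", "edit", "delete"},
}
# Relationship-based grants apply only to records related to the user.
RELATIONSHIP_PERMS = {("Owner", "Order"): {"view", "edit", "delete"}}


@dataclass
class User:
    name: str
    role: str


@dataclass
class Order:
    owner: str  # the Owner relationship: User (one) to Order (many)
    line_items: list = field(default_factory=list)


def order_allowed(user, action, order=None):
    """Union of the role grant and, if the user owns the record, the Owner grant."""
    granted = set(ROLE_PERMS.get((user.role, "Order"), set()))
    if order is not None and order.owner == user.name:
        granted |= RELATIONSHIP_PERMS[("Owner", "Order")]
    return action in granted


def line_item_allowed(user, action, order):
    """Dependent records are reached through the parent, so the parent check runs first."""
    if not order_allowed(user, "view", order):
        return False
    return action in ROLE_PERMS.get((user.role, "Order Line Item"), set())
```

Any Account Manager passes the create check, but only the owner of a given Order passes view, edit, or delete on it, and the role-based grant on line items takes effect only after the parent Order check succeeds.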