Salesforce

Sharing & Project Access Levels

Printable View
« Go Back
Information
Sharing & Project Access Levels
Sharing-and-Access-Control
Article Body

To upgrade from Custom User Settings to Project Access Levels and achieve greater flexibility and more precise management of Project-related data access, learn how to upgrade to Project Access Levels.

What is a Private Sharing Model?

The Salesforce Sharing Model enables records to be set as Public Read/Write, Public Read-only, or Private. In a Private setting, users can only access records they own unless explicit permissions are granted.

Sharing Organization-Wide Defaults (OWD)

OWD defines the baseline level of visibility and permissions for records across your organization.

Here’s a breakdown of the three Sharing Settings for OWDs:

  • Public Read/Write: All users can view and edit all records.

  • Public Read-only: All users can view records, but only owners or those with permissions can edit. (Recommended for Precursive objects.)

  • Private: Only owners or explicitly shared users can access records. Ideal for businesses with high-security needs or multiple units sharing the same Precursive instance.

Sharing Records beyond Organization-Wide Defaults (OWD)

Expand record access through the following methods:

Ownership-Based Access

Record owners and their queues have default access to projects and related records.

Role Hierarchy

The role hierarchy grants users access to records owned by users below them in the hierarchy, ensuring managers and higher-level roles have visibility and control over their team’s data.

Sharing Rules

Customers can define additional sharing rules to extend access to specific records. Sharing Rules can be configured based on Ownership or Record Criteria. Learn more about Sharing Rules.

Project Access Levels (PALs)

Project Access Levels are how Precursive provides a flexible layer on top of the Salesforce Sharing Model. Project Access Levels (PALs) are a set of Project, Phase and Task permissions that define access for each Participant. 

Sharing Records beyond Organization-Wide Defaults (OWD)

Learn more about Salesforce Sharing and Record Access Features.

Project Access Levels (PALs)

Project Access Levels (PALs) are a set of Project, Phase and Task permissions that define access for each Participant. PALs are assigned to Participants to define their level of access to the Project and Phase.

PAL Permissions Overview

The following Permissions can be defined on a Project Access Level record. Each Permission will grant access as follows:

 

Permission

Description

Manage Project

Edit Project and Project-level records (not included: All Phases, All Tasks).

Manage Phase

Edit Phase and Phase-level records (not included: All Tasks).

Manage Participants

Granting this option will allow Participants to manage other Participants assigned to the same Phase.

View Phase

Read Phase-related details with read-only access to all the dependent objects.

Manage All Tasks

Edit all Tasks in the Phase, including edit access to all Tasks-dependent records.

View All Tasks

Read all Tasks in the Phase, including read-only access to all Tasks-dependent records.

Manage My Tasks

Edit Tasks that are assigned to that Contributor, including edit access to these Tasks-dependent records.

Manage All Timesheets

Edit all Participants Timesheets.

View All Timesheets

View all Participants Timesheets.

Manage All Expenses

Edit all Expenses on the Phase.

View All Expenses

Read all Expenses on the Phase.

Submit Expenses

Create and submit Expenses on the Phase

Submit Time

Log Time and Submit their Timesheets on the Phase this Participant is assigned to.

 

Assigning Project Access Levels

PALs can be assigned to each individual Participant to define their level of access to the Project and Phase. To allow organizations to control Project Access Levels at scale PALs can be assigned as an org-wide default or as a Role default. When adding a Participant the PAL related to the Role will be used by default, or the org-wide will be used. When setting default Project Access Level org-wide or by role you will have two options:

  • Internal Project Access Level: Assigned for all internal Users

  • External Project Access Level:  Assigned if a Partner User Resource is assigned.

NOTE: Assigning a Project Access Level to a Role will only impact Participants created or assigned from the point of assignment. It will not assign a Project Access Level to all Participants with that Role.

Org-wide Default Project Access Level

Once you have created a Project Access Level, visit Precursive HQ > Project Settings. Set the Project Access Level as the Default Internal Project Access Level and Default External Project Access Level.

Role Default Project Access Level

For each Role, it is recommended to establish default Project Access Levels. To do this, first create a Project Access Level for each Role (or grouped Roles as needed), and then assign the appropriate access levels to each Role.

Navigate to Precursive HQ > Roles and while editing individual Role or creating new one provide a Project Access Level as the Internal or External Project Access Level.

Note: If these options are not visible on the Role Page Layout, contact your System Administrator to ensure these fields are added.

Create a Project Access Level

Steps to Create a PAL:

  • To create a Project Access Level navigate to Precursive HQ and find Project Access Level

  • Select New and provide and Name and define the Permissions.

  • Finally select Save.

  • The Project Access Level can now be assigned to a Role or Participant.

Enable Private Sharing Settings

To enable a Public Read-only or Private Sharing Model from Public Read-write you will need to follow the following actions:

  1. Configure OWD for Precursive objects

    • Read-only and Private Sharing is only supported for Project when ALL related Project objects are configured consistently (e.g. If Project is Private then Phase, Task etc. must all be Private).

  2. Define your Project Access Levels

  3. Assign Project Access Levels to existing Participants

Default Sharing Access Rules

When OWD is set as Public Read-only or Private for Precursive Objects then the following behaviour and sharing will be automatically applied:

Resource Supervisor

  • Access granted to a Resource will always be granted to their Supervisor with read-only access. 

  • For Timesheet and Expenses the Resource Supervisor will be granted the same access as the Resource.

Project Owner

  • Project Owner will be given Edit access to Phase and Phase related records even without a Participant being assigned to the Phase.

Phase Owner

  • Phase Owner will be given Read access to the Project and Edit access to Phase and Phase related records even without a Participant being assigned to the Phase.

Participants

  • Participants assigned to a Phase even without a PAL will be given read access to the Project, Phase, Lists, and Task Categories.

Record Ownership

To control access to records Precursive maintains record Ownership for the following Objects. The Owner of these records is the Resource User. If the Resource does not have a User then the Resource Supervisor will be the Record Owner.

  • Resource

  • Timesheet

  • Expenses

  • Availability

  • Utilization

  • Holiday Allowance

  • Holiday Request

Sharing Rules

When enabling Private sharing settings access to Projects and/or Resources then visibility and access will be locked down based on Ownership, Role Hierarchy, and Project Access Levels (PALs). You may have groups of users that should have access to view and edit Resources, Projects, and Timesheets that may not be the Resources Supervisor or may not be assigned to the specific Projects to be granted access through PALs. Access for these groups can be granted using Sharing Rules.

NOTE: Sharing Rules can only be created by a Salesforce Administrator. 

Cascading Access to Related Records

When sharing records in Precursive, it’s important to understand how access cascades—or does not cascade—to related records. Whether access propagates depends on the relationship type between the parent and child objects:

Relationship Types:

  1. Master-Detail Relationships

    • Related records automatically inherit access when the parent record is shared.

    • Example: Sharing a Timesheet automatically grants access to the associated Timesheet Lines and Timesheet Entries.

  2. Lookup Relationships

    • Related records do not automatically inherit access when the parent record is shared.

    • Example: Sharing a Project does not automatically share its associated Phases, Tasks, Health, or Insights.

Because Lookup Relationships do not cascade access, creating sharing rules for one object often requires corresponding sharing rules for its related objects.

Here is the simplified objects hierarchy that can be used to create these Sharing Rules. This does not include objects in Master-Details relationship.

Resource

  • Timesheet

Project

  • Phase

    • Expense

    • Expense Category

    • Insight

    • Invoice Phase

      • Billing Event

    • List

    • Milestone Progress

    • Phase Milestone

    • Project Budget

    • Project Task

      • Skill Requirements

    • Task Category

    • Template Import History

  • Project Milestone

In case more detailed overview will be needed, use the Precursive Data Model to identify the relationship types for each object.

 

Examples of Sharing Rules

Allow Edit for all Resources

To grant access to Resources you can create a Sharing Rule. This will only grant access to the Resource record. Should you want to grant access to related records you may want to additionally create similar sharing rules for “Availability”, “Utilization”, “Holiday Allowance”, and "Holiday Request"

  1. Create a Public Group called “Precursive: Manage All Resources” and include the appropriate Users

  2. Create a Sharing Rule

    1. Navigate to Setup > Sharing Settings

    2. From the picklist “*Manage sharing settings for” choose “Resource”

    3. Scroll down to the “Resource Sharing Rules” section and select “New”

      1. Step 1: Rule Name

        • Provide a Label: “Manage All Resources” (this will pre-populate the name)

      2. Step 2: Select your rule type

        • Ensure Rule Type is “Based on record owner”

      3. Step 3: Select which records to be shared:

        • Choose “Public Group” and “All Internal Users”

      4. Step 4: Select the users to share with

        • Choose “Public Group” and “Precursive: Manage All Resources”

      5. Step 5: Select the level of access for the users

        • Set Access Level to “Read/Write” 

      6. Select Save

Allow Edit for all Resources

  1. Sharing Rules are not effective immediately. While the Sharing Rule is being calculated you will see this message explaining a sharing rule operation is in progress.

Sharing Rules are not effective immediately 

Troubleshooting Sharing

There may be situations where you are unsure why someone does or does not have access to a specific record. In this scenario you can use the “Sharing” button available on all Objects (if you do not see it you may need your Salesforce Admin to add this button to the Page Layout or Lightning Page).

Find reason a User has access to a record

  1. Navigate to the record

  2. Select the “Sharing” button from the record header

  3. Then select “Edit”

  4. Then select “View Sharing Hierarchy”, this will list all users with access to the record.

  5. Find the User from the list and select View in the User Access Details column

  6. The “Reason for Access” column will describe the Sharing Rule or Sharing Reason that grants the User access to this record. 

Manually Trigger Project Access Level Sharing Calculations

If there are scenarios where Project Access Level Sharing is not automatically re-calculated. These scenarios will require re-calculation of all Project Access Level Sharing.

Scenarios where Project Access Level Sharing are not automatically re-calculated:

  • When first enabling Public Read-only or Private Sharing

  • When changing Project Access Level Permissions

  • Change to Resource Supervisor

To manually trigger Project Access Level Sharing Calculations navigate to Precursive HQ > System Settings > Background Processes > Calculate Shares tile.

Resources
Powered by