You can use these groups and the sharing rule category to easily create sharing rules that grant all of your partner portal or Salesforce
users access to specific data. You can also create sharing rules between partner portal users and Salesforce users, but not between
partner users associated with different partner accounts.
If Salesforce Knowledge is enabled in your partner portal, portal users can see articles as permitted by the category group visibility
settings.
Partner Portal Role Hierarchy
A portal user role hierarchy is created for an account and its contacts when you enable the first partner portal user on that account.
The account is added to the role hierarchy beneath the user that owns the account. Whenever you enable a contact as a partner
portal user, he or she is automatically assigned to the User role in the account's portal role hierarchy. The default number of roles in
portal accounts is three. You can reduce the number of roles or add roles to a maximum of three. Partner users can be assigned one
of three roles:
•
Executive
•
Manager
•
User
The Partner Executive role is immediately under the channel manager's role in the role hierarchy. The Partner Manager role is
immediately under the Partner Executive role. The Partner User role is immediately under the Partner Manager role. Each role includes
the partner account name as part of the role name. For example, if the partner account name is Acme, the three roles are Acme
Partner Executive, Acme Partner Manager, and Acme Partner User. If the ownership of a partner account is changed to another
channel manager, the partner user role is moved to that location in the role hierarchy.
Note: Be careful managing your role hierarchy. Partner users at a given role level are always able to view and edit all data
owned by or shared with users below them in the hierarchy, regardless of your organization’s sharing model. Use administrative
reports to manage your partner roles.
Accounts with different portal types have a separate role hierarchy for each portal. Role names include the portal type with which
they are associated. For example, if Account A has both a partner portal and a Customer Portal, then roles for the Customer Portal
are named “Account A Customer User” and roles for the partner portal are named “Account A Partner User.”
All users in a partner user role have read access to all contacts under their partner account even when the contact sharing model is
private.
Partner users have read-write access to tasks associated with any object they can access. They also have read access to events
associated with any object they can access.
Partner users have the same access to Salesforce Knowledge articles as the account
owner.
To view the roles assigned to your partner portal users, create a custom report, choose Administrative Reports, select Users as the
data type, and add Role to your report columns.
Deletion of Partner Portal Roles
When you delete partner portal roles, the roles are renamed to maintain the hierarchy. For example, if the Manager role is deleted
from a three-role hierarchy of Executive, Manager, and User, then the Executive role is renamed to Manager but its ID remains the
same. When you create a partner portal role, the hierarchy of the new portal role is automatically determined and created bottom-up.
You can delete multiple roles in bulk for better performance. For example, if most of your users are assigned the User role, you can
delete the Executive and Manager roles. For more information on deleting partner roles, see the SOAP API Developer Guide.
Super User Access
Users can be assigned super user access to give them access to data owned by other users belonging to the same role or those
below in the hierarchy. For example, a Partner Manager with super user access can see data owned by other users in the Partner
Manager role and the Partner User roles.
10
Managing Partner UsersPartner Portal Users