platform-sharing-rules-generate


Sharing Rules Generator

Generate Salesforce Sharing Rules metadata to control record-level access beyond org-wide defaults. Supports criteria-based rules, role/group-based owner rules, and guest user rules for Experience Sites.

Scope

  • In scope: Generating sharingCriteriaRules, sharingOwnerRules, and sharingGuestRules metadata; retrieving existing sharing rules from an org; appending new rules to existing files; configuring rules for Guest and Portal profiles.
  • Out of scope: Changing org-wide defaults (OWD/sharing model), creating Experience Sites, configuring permission sets or profiles (use platform-permission-set-generate), territory-based sharing rules.

Clarifying Questions

Before generating, confirm with the user if not already clear:
  • Which object should the sharing rule apply to? (standard or custom object API name)
  • What type of rule? (criteria-based, role/group-based owner rule, or guest user rule)
  • Who should records be shared with? (role name, group, portal role, or guest user nickname)
  • What access level? (Read or Read/Write)
  • For criteria-based rules: what field conditions should match?

Required Inputs

Gather or infer before proceeding:
  • Object API name: The sObject the rule targets (e.g., Account, Property__c)
  • Rule type: One of sharingCriteriaRules, sharingOwnerRules, or sharingGuestRules
  • Shared-to target: Role, group, portal role, or guest user community nickname
  • Access level: Read or Edit (maps to Read-Only or Read/Write)
  • Criteria (for criteria/guest rules): Field name, operation, and value for each filter item

Defaults unless specified:
  • Access level: Read
  • includeRecordsOwnedByAll: true for criteria rules
  • includeHVUOwnedRecords: false for guest rules
  • Account sharing rules include accountSettings with all sub-access levels set to None

Workflow

All steps are sequential. Do not skip or reorder.

Phase 1 — Discover

  1. Resolve the SFDX project path — find the project's sfdx-project.json and identify the package directory for sharingRules/.
  2. Check for existing sharing rules — look for <packageDir>/sharingRules/<ObjectName>.sharingRules-meta.xml. If found, read it to understand existing rules and avoid duplicates.
  3. If no local file exists, retrieve from the org:
     sf project retrieve start --metadata "SharingRules:<ObjectName>" --target-org <org>

Phase 2 — Determine Rule Type

  1. Select the rule type based on user intent. Read references/rule-types.md for the complete schema of each type and its required elements.
  2. For Account sharing rules: the accountSettings element is required. Default sub-access levels to None unless the user specifies otherwise.
  3. For Guest rules: the sharedTo must use <guestUser> with the site guest user's community nickname. Never use <role> or <group> for guest rules.

Phase 3 — Generate

  1. Construct the XML following the schema in references/rule-types.md. Key structure:
    • One .sharingRules-meta.xml file per object
    • All rules for the same object go in the same file
    • If appending to an existing file, add the new rule element inside the existing <SharingRules> root
  2. Name the rule — derive <fullName> from the intent (PascalCase, no spaces, descriptive). Generate a matching <label> in Title Case with spaces.
  3. Write the file to <packageDir>/sharingRules/<ObjectName>.sharingRules-meta.xml.
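
The append step of Phase 3, with the duplicate-name check from Phase 1, sketched in Python as an added example (not code from this skill). The object, group, guest nickname and the helper names rule_names, build and append_rule are assumptions made for illustration; element values are passed as strings so booleans are written as "true"/"false".

```python
import xml.etree.ElementTree as ET

NS_URI = "http://soap.sforce.com/2006/04/metadata"
ET.register_namespace("", NS_URI)  # write a default xmlns instead of ns0: prefixes

def rule_names(xml_text):
    """All <fullName> values already present in a sharingRules file."""
    root = ET.fromstring(xml_text)
    return [e.text for e in root.iter(f"{{{NS_URI}}}fullName")]

def build(parent, tag, value):
    """Add <tag> under parent; a dict value becomes nested child elements."""
    el = ET.SubElement(parent, f"{{{NS_URI}}}{tag}")
    if isinstance(value, dict):
        for child_tag, child_value in value.items():
            build(el, child_tag, child_value)
    else:
        el.text = value
    return el

def append_rule(existing_xml, rule_type, fields):
    """Return the file text with one more rule inside the existing root."""
    if fields["fullName"] in rule_names(existing_xml):
        raise ValueError(f"duplicate rule name: {fields['fullName']}")
    root = ET.fromstring(existing_xml)
    build(root, rule_type, fields)
    body = ET.tostring(root, encoding="unicode")
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + body

# Constructed sample file and rule; object, group and nickname are placeholders.
EXISTING = """<?xml version="1.0" encoding="UTF-8"?>
<SharingRules xmlns="http://soap.sforce.com/2006/04/metadata">
    <sharingCriteriaRules>
        <fullName>ShareActiveProperties</fullName>
        <accessLevel>Read</accessLevel>
        <label>Share Active Properties</label>
        <sharedTo><group>Agents</group></sharedTo>
        <criteriaItems><field>Status__c</field><operation>equals</operation><value>Active</value></criteriaItems>
        <includeRecordsOwnedByAll>true</includeRecordsOwnedByAll>
    </sharingCriteriaRules>
</SharingRules>"""
NEW_RULE = {
    "fullName": "GuestListedProperties", "accessLevel": "Read",
    "label": "Guest Listed Properties",
    "sharedTo": {"guestUser": "PropertySiteGuest"},
    "criteriaItems": {"field": "Status__c", "operation": "equals", "value": "Listed"},
    "includeHVUOwnedRecords": "false",
}

if __name__ == "__main__":
    print(append_rule(EXISTING, "sharingGuestRules", NEW_RULE))
```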

Phase 4 — Verify

  1. Run the verification checklist below before presenting output.

Verification Checklist

Universal Checks

  • Does the file have the XML declaration and <SharingRules xmlns="http://soap.sforce.com/2006/04/metadata"> root?
  • Is there exactly one file per object with all rules inside it?
  • Does <fullName> use PascalCase with no spaces?
  • Is <label> present and human-readable?
  • Is <accessLevel> one of Read or Edit?

Criteria Rule Checks

  • Is <includeRecordsOwnedByAll> present (required boolean)?
  • Does each <criteriaItems> have <field>, <operation>, and <value>?
  • Are picklist values valid for the target org?

Guest Rule Checks CRITICAL

  • Does <sharedTo> use <guestUser> (NOT <role> or <group>)?
  • Is <includeHVUOwnedRecords> present (required boolean)?
  • Is <includeRecordsOwnedByAll> ABSENT (only for criteria rules, not guest rules)?

Owner Rule Checks

  • Does the rule have both <sharedFrom> and <sharedTo> elements?
  • Do both use valid <role>, <roleAndSubordinates>, or <group> targets?

Account-Specific Checks CRITICAL

  • If object is Account, is <accountSettings> present with all three sub-elements?
  • Are <caseAccessLevel>, <contactAccessLevel>, <opportunityAccessLevel> all set?
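
The checks marked CRITICAL above, plus the access-level and criteria-rule boolean checks, can be run mechanically before a file is presented or deployed. The following Python sketch is an added example, not part of this skill; the function names and the sample object, group and role names are assumptions, and it leaves picklist and naming checks to the org query and manual review.

```python
import xml.etree.ElementTree as ET

NS = "{http://soap.sforce.com/2006/04/metadata}"
ACCOUNT_SUBS = {"caseAccessLevel", "contactAccessLevel", "opportunityAccessLevel"}

def kids(el):  # local tag names of el's children; empty set when el is missing
    return set() if el is None else {c.tag.replace(NS, "") for c in el}

def check_rules(xml_text, object_name):
    """Return 'fullName: problem' strings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    if root.tag != NS + "SharingRules":
        return ["root: expected <SharingRules> in the metadata namespace"]
    out = []
    for rule in root:
        kind, has, bad = rule.tag.replace(NS, ""), kids(rule), []
        if rule.findtext(NS + "accessLevel") not in ("Read", "Edit"):
            bad.append("accessLevel must be Read or Edit")
        if object_name == "Account" and not ACCOUNT_SUBS <= kids(rule.find(NS + "accountSettings")):
            bad.append("accountSettings needs all three sub-access levels")
        if kind == "sharingCriteriaRules" and "includeRecordsOwnedByAll" not in has:
            bad.append("includeRecordsOwnedByAll is required")
        if kind == "sharingGuestRules":
            if kids(rule.find(NS + "sharedTo")) != {"guestUser"}:
                bad.append("sharedTo must contain only <guestUser>")
            if "includeHVUOwnedRecords" not in has:
                bad.append("includeHVUOwnedRecords is required")
            if "includeRecordsOwnedByAll" in has:
                bad.append("includeRecordsOwnedByAll must be absent")
        out += [f"{rule.findtext(NS + 'fullName', '?')}: {p}" for p in bad]
    return out

# Constructed sample: a valid criteria rule and a guest rule failing all guest checks.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<SharingRules xmlns="http://soap.sforce.com/2006/04/metadata">
  <sharingCriteriaRules>
    <fullName>ShareActiveProperties</fullName><label>Share Active Properties</label>
    <accessLevel>Read</accessLevel><sharedTo><group>Agents</group></sharedTo>
    <criteriaItems><field>Status__c</field><operation>equals</operation><value>Active</value></criteriaItems>
    <includeRecordsOwnedByAll>true</includeRecordsOwnedByAll>
  </sharingCriteriaRules>
  <sharingGuestRules>
    <fullName>GuestListedProperties</fullName><label>Guest Listed Properties</label>
    <accessLevel>Read</accessLevel><sharedTo><role>Agents</role></sharedTo>
    <includeRecordsOwnedByAll>true</includeRecordsOwnedByAll>
  </sharingGuestRules>
</SharingRules>"""

if __name__ == "__main__":
    print("\n".join(check_rules(SAMPLE, "Property__c")))
```

Passing "Account" as the object name additionally flags both sample rules for the missing accountSettings element.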

Rules / Constraints

| Constraint | Rationale |
|---|---|
| One .sharingRules-meta.xml file per object | Platform requirement — multiple files cause deployment errors |
| Guest rules must use <guestUser> in sharedTo | Using <role> or <group> causes: "Specify a guest user's nickname for the guestUser field" |
| Account rules require <accountSettings> | Without it: "AccountSettings is required for account sharing rules" |
| includeRecordsOwnedByAll is required on criteria rules | Missing it causes: "Required field is missing: sharingCriteriaRules" |
| includeHVUOwnedRecords is required on guest rules | Missing it causes deployment failure |
| Criteria field values must exist as picklist values on the org | Invalid values cause: "Picklist value does not exist" |
| Never hardcode file paths — resolve from sfdx-project.json | Customer projects use custom package directories |

Gotchas

| Issue | Resolution |
|---|---|
| Guest rule uses <role> instead of <guestUser> | Replace with <guestUser>CommunityNickname</guestUser> |
| Account rule missing accountSettings | Add <accountSettings> with all three access level sub-elements set to None |
| Criteria rule missing includeRecordsOwnedByAll | Add <includeRecordsOwnedByAll>true</includeRecordsOwnedByAll> |
| Picklist value mismatch | Query the org for valid values before generating criteria |
| Appending duplicates existing rule name | Check existing <fullName> values before writing |
| Guest user nickname not found | Query: SELECT CommunityNickname FROM User WHERE UserType='Guest' AND IsActive=true |

Output Expectations

Deliverables:
  • <packageDir>/sharingRules/<ObjectName>.sharingRules-meta.xml — complete sharing rules file for the target object

Cross-Skill Integration

| Need | Delegate to |
|---|---|
| Permission set configuration | platform-permission-set-generate skill |
| Custom object creation (if target object doesn't exist) | platform-custom-object-generate skill |

Reference File Index

| File | When to read |
|---|---|
| references/rule-types.md | Phase 2 — before generating any rule, to get the complete XML schema for each rule type |