Salesforce provides administrators with robust tools to manage data access and visibility across the platform. Two essential features in this area are Scoping Rules and Restriction Rules. While they may seem similar at first glance, they serve different purposes and are implemented differently. Understanding how and when to use each is crucial for maintaining security, streamlining workflows, and improving user productivity. Let’s explore how Scoping Rules differ from Restriction Rules and what each offers.
What are Scoping Rules?
Scoping Rules help control which records appear by default for users in list views, searches, and reports. They don’t limit access, but rather fine-tune what users see first, based on specific conditions like role, region, or ownership.
Key Features of Scoping Rules
- Default Record Display: These rules set which records show up by default. Users still retain full access to all records they’re permitted to view.
- Switchable Views: Users can change views by switching between scopes to focus on specific sets of data.
- Supported Objects: Available for custom objects and select standard objects such as Account, Case, Contact, Event, Lead, Opportunity, and Task.
- Limits: Up to 2 active rules per object in Enterprise and Developer editions.
- No Security Impact: Scoping Rules don’t block access—they simply streamline the user experience.
Use Cases
- Sales reps viewing only their assigned leads or opportunities.
- Support teams managing region-specific cases.
- Marketing teams working with accounts based on certain engagement levels.
What are Restriction Rules?
Restriction Rules go a step further by actively limiting which records users can see, even if they usually have permission. These rules are enforced based on strict conditions and override any sharing settings.
Key Features of Restriction Rules
- Strict Record Control: Users cannot access records outside the rule’s criteria. The system enforces this limit across the platform.
- Enhanced Security: Ideal for sensitive or private data—like legal or financial records—that should only be visible to specific users.
- Supported Objects: Includes custom and external objects, Contracts, Tasks, Events, Timesheets, and more.
- Limits: Just like Scoping Rules, up to 2 active rules per object in Enterprise and Developer editions.
- Permanent Filtering: Restriction Rules apply to everything—List Views, Lookups, Related Lists, Reports, SOQL, SOSL, etc.
Use Cases
- Preventing one sales team from viewing another team’s deals.
- Hiding confidential contracts from non-legal teams.
- Ensuring task/event visibility is limited to assigned or authorized users.
Scoping Rules vs. Restriction Rules: Side-by-Side Comparison
| Feature | Scoping Rules | Restriction Rules |
| Purpose | Refines what data shows up by default | Enforces strict record-level access |
| Data Access Impact | Doesn’t limit access, just filters view | Blocks access to disallowed records |
| Effect on Sharing Rules | Works with sharing settings | Overrides sharing settings |
| Flexibility | Users can switch views | Users cannot bypass the rule |
| Use Case | Boosting productivity | Securing sensitive data |
| Where It Applies | List Views, SOQL, Reports | All areas including Search, Lookups, Related Lists |
| Objects Supported | Accounts, Leads, Tasks, Opportunities, etc. | Contracts, Tasks, Events, Timesheets, etc. |
| Limits | 2 per object, 10 per org | 2 per object, 10 per org |
| Performance Impact | Enhances visibility for user efficiency | Increases control and compliance |
How to Implement Scoping and Restriction Rules
Setting Up a Scoping Rule
- Go to Setup > Object Manager.
- Choose the object you want to configure.
- From the sidebar, click on Scoping Rules.
- Create a new rule by defining User Criteria and Record Criteria.
- Save and activate the rule.
Example:
A Site Inspector at a construction firm only needs to see the sites they’re assigned to, but might occasionally search others. A Scoping Rule can filter their view to show only relevant sites while retaining full access.
Setting Up a Restriction Rule
- Go to Setup > Object Manager.
- Select the object for the rule.
- Click on Restriction Rules from the left menu.
- Define User Criteria and Record Criteria.
- Activate and save the rule.
Example:
The legal team should only access finalized site records. Use a Restriction Rule to limit their view to finalized records only, hiding those that are pending or rejected.
Summary
Both Scoping Rules and Restriction Rules are vital tools in the Salesforce platform, each playing a unique role in managing data access and visibility. Scoping Rules are ideal when you want to optimize user focus without reducing access, while Restriction Rules are best for enforcing strict security and ensuring compliance.
By understanding and applying these tools effectively, Salesforce admins can strike the right balance between usability and data protection—tailoring access to match business goals and security needs.
Want expert help configuring Scoping or Restriction Rules in your Salesforce org?
Let the certified professionals at iBirds Services assist you in building a secure, efficient, and streamlined Salesforce environment.