Career / Certifications

Experience Cloud Certification Deep Dive: Advanced Sharing aka Role Based Sharing

By Dave Ge

There is a Community Cloud practice test question, first seen on Salesforce Ben in 2016 and now propagated and plagiarized by every exam dump site on the planet, about sharing cases created in a community with internal org users. By exploring this question and the answer, there is a lot to be learned about Community Cloud, license tiers, Sharing Sets, and Custom Sharing Groups.

While the ostensible answer seems simple enough, a deep dive into the question and related issues is a useful learning and educational experience, especially for people studying to pass the Community Cloud certification, now called Experience Cloud.

Advanced Sharing Example Question:

You wish to share cases created and owned by your community users (Customer Community Plus) with the internal product support team. What is the best way to achieve this?

A) Custom Sharing Rule

B) Custom Sharing Set

C) Custom Permission

D) Custom Sharing Group

E) Records owned by community members are automatically shared with all internal users

Unpack the Question:

The problem to solve is sharing case records created by community users with internal Salesforce org users. This would be a typical scenario for a company hosting a support site using a Salesforce community.

Note the question specifically asks in the context of a Customer Community Plus license tier. For the solution to work the license tier must be Customer Community Plus, not Customer Community. The Customer Community Plus license tier grants access to “advanced sharing” which is necessary in this case.

The correct answer is a sharing set and sharing group. Did you guess it correctly?

Solve the Problem:

The first step in addressing this issue is to create a custom sharing set allowing the community members to share cases.

The second step is to create a custom sharing group associated with that sharing set, and include the internal users from the internal product support team in this sharing group.

A Sharing Set grants community or portal users access to any record associated with an account or contact that matches that community user’s account. A Share Group allows sharing records owned by community users with internal users. This mechanism grants internal users access to data owned by community users. This capability exists under the Customer Community Plus license tier and not the Customer Community license.

According to Salesforce, Sharing Sets exist and were created for the exclusive purpose of allowing members of a community to see other community member’s records, such as cases. These community members must all be associated as contacts with the same account. When created, a sharing set is associated with one or more internal user profiles. Once the sharing set is created and assigned to profiles, a Sharing Group is created and associated with users or roles, and is associated with the Sharing Set.

If you think this sounds convoluted, you’re right. It is. Seeing it done makes it clearer.

Click to Setup > Communities > Community Settings > Sharing Sets > New to create a new sharing set.

There are choices on the panel as follows:

Select a profile to associate with the sharing set. In this example the Customer Community Plus User profile is selected.

Select the object(s) to be shared. In this example Case was selected. Note the object list is a subset of available Salesforce objects. As the hint shows, the object list does not include objects with public read/write OWD because there would be no need for a sharing set.

Under Configure Access click on Set Up.

An Access Mapping for Case panel is displayed. In this example, the access mapping is if User.Account matches Case.Account then grant Read/Write access. Remember to click Update before closing the box.

Click Save. The Communities Settings page is displayed again.

Click on the newly created Sharing Set name. Some detail about the Sharing Set is displayed. Note the second tab that appeared, with the label Share Group Settings.

Click the Share Group Settings tab and a panel is displayed, allowing entry and specification of Share Group Members. These members are specified as members of Public Groups, Roles, Roles and Internal Subordinates; Roles, Internal, and Portal Subordinates; or Users. Note profile is not an option.

Select a share group member(s), click save, and you are done.

Why Does the Question Name Customer Community Plus Licenses?

Community Cloud users (e.g. NOT Plus licenses) are Salesforce Contacts, not Salesforce Users. They have a profile. They do not have roles. They cannot be made members of a Share Group. Customer Community Plus users are assigned roles, and can be made members of a Share Group through their role. This is why it is important to understand why the original question names Customer Community Plus tier licensees and not Customer Community licensees.

A Customer Community license tier would not allow what Salesforce calls “Advanced Sharing”, aka “Role based sharing”. Although both tiers allow community user access to the Case object, the Customer Community license tier does not allow “Advanced Sharing”, needed to use Sharing Groups. The Customer Community Plus license tier allows access to “Advanced Sharing” which includes use of sharing groups.

Definition (or lack of) “Advanced Sharing”

There is an overwhelming plethora of Salesforce and third-party documentation comparing the various Salesforce community license tiers and feature lists. All say the same thing, that CCP allows access to “Advanced Sharing”, and CC does not; without any clarification or definition of exactly what “Advanced Sharing” is. I have yet to find any official Salesforce documentation with an explicit definition of “Advanced Sharing”. Apparently, Salesforce expects you to know this, through osmosis or transcendental meditation perhaps.

From a lot of reading and research, Advanced Sharing seemingly means roles, role-based sharing rules, and “other advanced sharing features” (I love this).

Further Reading

This question, and specifically in the context of sharing Case data with internal org users, is addressed in many sources of reference information that help explain the issue. It would appear from this abundance of such information that Salesforce considers this issue important. Having recently taken the certification exam, I can confirm I feel the topic is worth studying. To research this question I studied the following sources and found them helpful. I hope it is helpful and informative for you too.

Trailhead: There is a short Trailhead project focused on exactly this topic that is worth studying. See “Share CRM Data with Your Partners”. The sixth module in this project is titled “Use Community-specific Sharing”. In this module is an informative video, part of the extended Salesforce “Who sees What in Communities” video series.

Setup Guide: There are three relevant sections in the Setup Guide that, to the exclusion of defining “Advanced Sharing” shed light on this question:

  • Understand what is a sharing set by reading “Set Up Sharing Sets”
  • See “Use Share Groups to Share Records Owned by High Volume Community Users”. Note in this article that a “High Volume Community User” is simply a community member under a Customer Community or Customer Community Plus license.
  • “About High-Volume Community Users” further defines and explains what a high volume community user is.

The Setup Guide repeatedly emphasizes that one sharing set per object, and one sharing set per profile, is supported.

In the Setup Guide, see also “Communities User Licenses” for something less than a fully edifying explanation of the differences between Customer Community and Customer Community Plus license tiers, specifically with regard to definition of “Advanced Sharing”. Sharing Sets are available under all Community licenses.

Sudpita’s web page: Nice explanation of sharing sets and sharing groups.

See “Community Guide for Absolute Beginners” at Apparently Advanced Sharing is also known as “Role-based sharing”.

Gemma Blezard has a nice presentation on this. Skip the first ten minutes of introductions. She gets to the point about sharing sets and groups 20 minutes in, but the whole video after the introductions, is worth watching.

Phil Weinmeister explains this nicely in chapter 8 of his Communities Book, also with Case sharing as an example.

The Author

Dave Ge

11x certified Salesforce Administrator living in Redwood City, California


    Stacey Mueller
    May 06, 2021 1:43 pm
    Wow! This is an extremely useful article!
    Dave Ge
    May 07, 2021 3:08 am
    Thankyou:) DG
    January 20, 2022 9:09 am
    Thanks for the content. Just to add an opinion, I think the naming of Customer Community 'Plus' License was actually just to rule out A) Custom Sharing Rule only, and is not about the sharing group. While it is true that Customer Community cannot be added to sharing group, they are not key viewers for the question; the key viewers are internal org users ( whom, we assume, can be added to sharing group without problem.) So the order would be: 1. Create Sharing Set with the Customer Community profile 2. Create Sharing Group from the Sharing set for 'internal users' Got confused at first but 'Who Sees What in Experience Cloud: Site-Specific Sharing' video clarified it around 4min.
    Dave Ge
    January 30, 2022 3:19 pm
    Thank you for looking at my article and providing some comment. You are correct that a sharing set must be made first and only then is the opportunity to create a share group exposed through the UI. License type make a critical difference. I agree the Who Sees What in Communities series is helpful. So is the aforementioned 2018 video from Ladies be Architects ( Timing of your comment was prescient. I was getting ready for the Sharing and Visibility exam, and exam topics include sharing under various communities, roles, and licenses. So I went back and studied this article and the sources that are cited. The Ladies be Architects video, despite being 4 years old, was especially helpful. So thanks for your comment. I hope the article was helpful with your pursuits and endeavors, DG
    June 13, 2022 8:27 pm
    You can't use share groups with custommer community plus login users :/
    Dave Ge
    June 21, 2022 2:18 am
    Community Plus LOGIN users, meaning users with the Customer Community Plus Login user profile, can be assigned a role, and can be made members of a Share Group through their assigned role.

Leave a Reply