The SnapApp data sharing model is essential for secure data access. This document reviews key data accessibility components, sharing model use cases, real-world customer solutions, and troubleshooting guidelines, emphasizing the importance of proper architecture to meet current and future data access needs.

Any user, service or application should have a minimum permission to perform its function.

Record-level security allow to grant users access to specific records while restricting access to others. As with most applications, data access in SnapApp begins with user authentication—the application must identify the user before granting access. In addition to record-level security, SnapApp also supports field-level and object-level permissions, providing a comprehensive approach to data security.

The different components of data sharing model are:

• Roles and Permission Sets

A Role is a high level security set that can be easily assigned to users, roles consist of at least one permission set dictating the access to applications and objects.

Permission sets are a way of controlling access to applications, objects, and fields that can be separated from roles and applied to multiple roles.

Roles and permission sets in SnapApp provide table-level security by defining the types of data users can view, edit, create, or delete. For each table, the “View All” and “Modify All” permissions bypass sharing rules and settings, enabling administrators to efficiently grant access to records across the organization. Click here for more details about SnapApp Roles and Permissions.

• Users(Record Ownership) and Queues

In SnapApp, every record must be owned by either a single user or a queue. The record owner has access based on the table settings defined by their role. For instance, if the owner’s role grants Create and Read permissions but not Edit or Delete permissions, the owner can create and view records but cannot modify or delete them. Click here for more details of Object Access.

Users higher in the data access hierarchy inherit the same permissions as their subordinates for standard tables, meaning managers will have the same level of access as their direct reports. This access applies to records owned by users as well as those shared with them. Click here for more details about SnapApp Users.

Queues are used to prioritize, distribute, and assign records to teams that share workloads. Members of a queue, as well as users higher up in the data access role hierarchy, can access these queues through list views and assume ownership of records within them. Click here for more details about SnapApp Queues.

• Data Access Role Hierarchy

A data access role hierarchy defines the access levels required by users or groups within an organization, ensuring that managers have access to the same data as their employees, independent of organization-wide default settings. The hierarchy does not need to mirror the organizational chart exactly; instead, each role should reflect specific data access needs. When a user’s data access role changes, relevant sharing rules are assessed to adjust access accordingly. Peers within the same role do not automatically gain access to each other’s data.

Modeling the data access role hierarchy begins with understanding the organization’s structure, typically starting from the top, such as the CEO, who oversees the entire company. Direct reports may then be segmented by business unit or region, with further subdivisions as needed. While this resembles an HR organizational chart, the focus should be on data accessibility rather than HR reporting.

• Sharing Rules

Data sharing rules are configurations that define how records can be shared among users within SnapApp. These rules determine who has access to specific records, under what conditions, and what level of access (read, edit, create, delete) is granted. Click here for more details about Sharing Rules.

Thank you for following these steps to configure your SnapApp components effectively If you have any questions or need further assistance, please don’t hesitate to reach out to our support team. We’re here to help you make the most out of your SnapApp experience.

For support, email us at snapapp@bluevector.ai