
I have a requirement that certain Opportunities (a very limited subset) have access limited to just the Opportunity Owner and the Opportunity Team - there should be no access granted by hierarchy.

The OWD for Opportunities is Private. There is a sharing rule that provides Read Only access to all Opportunities that have not been flagged as Confidential - but Confidential still allows access by hierarchy. There is a similar sharing rule on the Account - Read Only for all users if the Account is not marked Confidential. This new requirement would go one step further than Confidential and restrict hierarchy access. There are no profiles or permission sets that provide View All/Modify All access.

My two initial thoughts were Restriction Rules could work and if not, disable hierarchy and add sharing rules and/or apex sharing to recreate the hierarchy sharing for all of the other Opportunities. Unfortunately, Restriction Rules aren't available for Opportunity and you cannot disable the hierarchy on the Opportunity.

I attempted to update all of the Roles so that the Opportunity Access is "Users in this role cannot access opportunities that they do not own that are associated with accounts that they do own". My initial assumption is to take that sentence literally - if the user doesn't own the Opportunity, they cannot see it - even if someone below them in the hierarchy does.

However, I am finding that the hierarchy sharing is still occurring after making this update.

If I change the Opportunity Owner to someone outside the hierarchy, the manager loses access. If I change the Opportunity Owner back to the subordinate, the manager gains access again.

I tried changing the Account Owner to see if that would make a difference - it did not.

I cannot seem to break the hierarchical sharing of Opportunities. Is this possible?

Am I completely misinterpreting "Users in this role cannot access opportunities that they do not own that are associated with accounts that they do own" or is there another sharing method that I am missing?

  • "if the user doesn't own the Opportunity, they cannot see it - even if someone below them in the hierarchy does" - a false assumption when grant via hierarchy is enabled; it would be a weird sharing model if it was true. Restriction Rules is the answer. Alas, they don't work on Opportunity. You may be out of luck with doing this in Opportunity; you might have to recreate your Confidential opps in a custom object. Vote for this idea: ideas.salesforce.com/s/idea/a0B8W00000GdpoqUAB/… Commented Jun 29, 2022 at 16:40
