Sharing rules are used to extend record access to users within specified roles or groups.

Records can be shared either based on record owner (role, group) or record criteria (known as a criteria-based sharing rule; e.g. all accounts in state “OH”).

Sharing Rules on accounts also provide access to related contracts and can provide access to related Contacts, Opportunities, and Cases.

Sharing rules can extend either Read Only or Read/Write access, but cannot extend Full Access.

Public groups are used to streamline the process of sharing access to records and folders. A group is comprised of users, roles, and other groups.

Personal groups are created and maintained by users, and can only be referenced in select configuration (such as Outlook contact synchronization).

When Grant Access Using Hierarchies is selected in a Public Group and that group is the target (Shared With) in a sharing rule, record access granted via the sharing rule will also be inherited via the role hierarchy.

For example:

1. A sharing rule provides read only access to accounts owned by the role and subordinate roles of SVP, Sales & Marketing to the public group International Support.
2. The public group International Support contains the role Customer Support, International.  Members of this group gain read access to accounts owned by users in the SVP, Sales and Marketing or subordinate roles.
3. Users in the role SVP, Customer Service and Support gain access to records owned by users in the SVP, Sales and Marketing or subordinate roles through Grant Access Using Hierarchies with the group configuration.

Note: Grant Access Using Hierarchies is only effective when the sharing rule is targeting a group (not when the group is the source of records).