Sales personnel will updates their activities tight to any customer account and these sales personnel should only see their own records. However we have an account manager role who incharge of specific customer account A, is allowed to see all activities (enter by any sales personnel) tight to the customer account A but not customer account B.
Is there any way to achieve this?
I believe this is the exact situation describe in the documentation, here:
“If your users should only typically see their own records then the role you would assign to their group would be configured to have Owner rights. A manager who is a part of the same group, but who should be able to see all records in the group should have a role directly assigned to their user record that gives Group access.”
However, the account manager is not the manager of the user, he/she just a manager for specific account. As per your recommendation, the manager will see all the activities entered by user A and this is not the account manager role is. Below is the scenarios.
Sales A, B and C are selling different product to Customer account A and B, therefore all of them is able to enter activities related to Customer account A and B.
Sales A enter activity 1 related to Customer account A
Sales A enter activity 2 related to Customer account B
Sales B enter activity 3 related to Customer account A
Sales C enter activity 4 related to Customer account B
Account Manage A for Customer Account A will only see activity 1 and 3
Account Manger B for customer Account B will only see activity 2 and 4
Well, this is a lot more complicated, but perfctly possible.
One possibility is to manage security groups by your own.
In Security Groups Configuration, disable all inheritances. You will need to manage that using workflows.
As per your explanation, your company is centered around products. So you need to indicate the Security Group of a Product. You can do that creating a custom field or using the regular Security Group mass update functionality, for instance.
Then, whenever you create a record (an opportunity, an activity), you will need to link it to the corresponding security groups via workflow. For exemple, linking to the security group of the product.
Then, in the Product’s security group, insert all people who is allowed to see all the records related to that product, like your managers.
In the roles, sales people should have Owner level permision and managers have Group level permision.
With this arrangement, regular users will be able to see only their own records and users with Manager role will be able to see all records related to their products.
It’s gonna take some time and try and erros, but it’s possible.