`type: 1` specifies the target is an Account, and the `target: "000000000000000000000003"` is the system identifier for any user in the org. So this ACL is specifying that any authenticated user can create instances of this object.

`type: 4` is specifying that the target is the instance Owner, and the `allow: 7` specifies that the Owner is granted Delete access.

`allow` is not provided in the definition since create access is already implied.

`type: 5` is specifying the target is an access level. This means that a user with an access level of `7` (Delete) to the instance can grant up to access level `6` (Update) to another user via a connection.

`type: 4` is specifying the target is the instance owner and that the owner can grant the provider role (role _id "000000000000000000000005") via a connection. This means that any defaultAcl defined for the provider role in the object definition will be granted to the connected user for that object instance even though they may not have the provider role assigned to their user account.

`type: 3` is specifying the target is a role. We've created some custom roles of Manager (role _id "5532e499540b0183799b4ee5") and Reporter (role _id "58e96eb0105ddf010067046b"). In the share ACL rule, we are specifying that the Manager role can grant the Reporter role to another user for an object instance via a connection.
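The share rules above can be checked mechanically when auditing who is able to hand out which access. The following is an added example, not code from the original page or the platform: the entry shapes, the `granter` object and the `entryMatches` and `canGrant` helpers are assumptions reconstructed from the prose, and only the type codes, access levels and role _ids come from the text.

```javascript
// Added example: a simplified model of the share rules described above.
// Entry shapes ({type, target, allow}) are assumptions reconstructed from the prose.
const ACL_TYPE = { ACCOUNT: 1, ROLE: 3, OWNER: 4, ACCESS_LEVEL: 5 };
const ANY_ORG_USER = "000000000000000000000003"; // any user in the org
const PROVIDER = "000000000000000000000005";     // provider role _id
const MANAGER = "5532e499540b0183799b4ee5";      // custom Manager role _id
const REPORTER = "58e96eb0105ddf010067046b";     // custom Reporter role _id

// Constructed share ACL holding the three rules the text walks through.
const shareAcl = [
  { type: ACL_TYPE.ACCESS_LEVEL, target: 7, allow: 6 },
  { type: ACL_TYPE.OWNER, allow: PROVIDER },
  { type: ACL_TYPE.ROLE, target: MANAGER, allow: REPORTER },
];

// Does this entry's target describe the user who wants to share?
function entryMatches(entry, granter) {
  switch (entry.type) {
    case ACL_TYPE.ACCOUNT:
      return entry.target === ANY_ORG_USER || entry.target === granter.accountId;
    case ACL_TYPE.ROLE:
      return granter.roles.includes(entry.target);
    case ACL_TYPE.OWNER:
      return granter.isOwner === true;
    case ACL_TYPE.ACCESS_LEVEL:
      // Assumption: holding at least the target level satisfies the rule.
      return granter.accessLevel >= entry.target;
    default:
      return false; // unknown target type: fail closed
  }
}

// requested is an access level (number) or a role _id (string).
function canGrant(acl, granter, requested) {
  return acl.some((entry) => {
    if (!entryMatches(entry, granter)) return false;
    if (typeof entry.allow === "number") {
      // "Up to" the allowed level: anything above it is refused.
      return Number.isInteger(requested) && requested > 0 && requested <= entry.allow;
    }
    return entry.allow === requested; // role grants must match exactly
  });
}
```

Running `canGrant` over every role and access level in an org's definitions shows quickly whether a share rule lets a user pass on more access than intended.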