Access to Reports in Salesforce

Report access is based on the folder that the report is in. The folder is shared with named users, roles, and/or groups. So, any users in a given group or role can see that report. When you add someone to a Report folder you can give View, Edit, or Manage permission.

However, even if a user has access to the folder where a report is stored, they cannot see data in the report if their license or profile does not grant them permission to read the underlying object (e.g., standard objects like Accounts, Opportunities, or Custom Objects).

Here is a breakdown of how license and object access impact reports:

  1. License-Level Restrictions

    • Salesforce License (Full CRM): Users have access to standard objects (Accounts, Opportunities, Cases, etc.) and can see them in reports.

    • Salesforce Platform License: These users can access custom apps and custom objects, but cannot access standard CRM objects like Opportunities or Cases in reports.

    • External/Community Licenses: Object access is severely limited based on the specific license (e.g., Customer Community vs. Partner Community) and Sharing Sets.

  1. Object-Level Security (CRUD)

    Even with the right license, a user must have "Read" permission on the object (via Profiles or Permission Sets) to see that data in a report. If they lack this, they will see an "insufficient privileges" error.

  1. Record-Level Security (Sharing)

    Reports honor sharing rules (Owner-based, Criteria-based, Role Hierarchy). A user can only see records in a report that they already have access to in the system.