Vault Loader allows you to assign users and groups to roles and remove users and groups from roles on object records in bulk. The Assign Users & Groups to Roles and Remove Users & Groups from Roles actions are available for objects that have enabled custom sharing rules or matching sharing rules.

How to Load Object Record Roles

Before loading object roles, prepare the CSV input file containing user field names and values.

To load object record roles:

  1. In the left panel of the Loader tab, click Load.
  2. For the CSV File, click Choose and select the CSV input file.
  3. In the Object Type drop-down, select an object type. The object must have custom sharing rules or matching sharing rules enabled.
  4. In the Action Type drop-down, select Assign Users & Groups to Roles or Remove Users & Groups from Roles.
  5. Click Start Load.

Before processing the request, Vault validates the selected CSV file. If the file is valid, Vault begins processing the request. When finished, you’ll receive a Vault notification and email with request details and CSV output files.

Preparing CSV Input Files

The first column must be the object record ID. To add or remove users from roles, add a column header with the format {role__c}.users. To add or remove groups from roles, add a column header with the format {role__c}.groups. Add comma-delimited user and group IDs under the appropriate header for each object record ID.

id reviewers__c.users reviewers__c.groups editors__c.groups
346 61584,61531 29 35
320      

Retrieving Object Record Roles

Object record roles map to Application Role records. You can find all available application roles with corresponding names by navigating to Admin > Users & Groups > Application Roles.

Retrieving IDs

You can get object record IDs and user and group IDs with corresponding names by extracting them with Vault Loader.

Invalid Input

When assigning users and groups to roles, Vault Loader ignores duplicate user and group IDs in the input but throws an error for invalid or inactive IDs.

When removing users and groups to roles, Vault Loader ignores invalid or inactive user and group IDs.