Deny executives to edit or delete accounts if their territory does not match the account region


  1. In the Control Center console, click Policies.
  2. Click ADD POLICY.
  3. In the Name box, type the policy name.
  4. Set the policy effect as Deny.
  5. Define the subject components.
    For example:
    • Display Name
    • Subject Type = User
    • Conditions = Position is Account Executive
  6. Define the resource components.
    For example:
    • Display Name
    • Resource Type = ACCOUNT
    • Conditions = crm_object is account and Address 1: Country/Region is not ${user.territoryid}
  7. Select one of the following actions.
    • DELETE
    • EDIT
  8. Click SAVE & DEPLOY.