Control Access to Sensitive Data with Restriction Rules (Beta)

Secure your data and boost productivity by permitting your users to see only the records necessary for their job function. Create restriction rules to control which subset of records you allow specified groups of users to see. Restriction rules are available for custom objects, contracts, tasks, and events. You can create and manage restriction rules via the Tooling and Metadata APIs. They provide another layer of access control on top of your existing sharing settings and let you configure truly private visibility.

Where: This change applies to Lightning Experience in Enterprise, Performance, Unlimited, and Developer editions.

When: The timeline for the rollout of this feature is published in the Restriction Rules group in the Trailblazer Community.

Why: Without restriction rules, users with access to an account can see its contracts, tasks, and events, even when the organization-wide default is set to Private. For custom objects, users can see all detail records. Restriction rules let you configure truly private access for these objects.

How: For information on enabling this feature, contact Salesforce. You can create and modify restriction rules using the Tooling or Metadata API. See the Restriction Rules Developer Guide (Beta) for more information.

https://help.salesforce.com/s/articleView?id=release-notes.rn_forcecom_sharing_restriction_rules_beta.htm&release=232&type=5

Share Records Owned by High-Volume Users with Unauthenticated Guest Users

Select whether to include records owned by high-volume community or site users when you create guest user sharing rules. By default, guest user sharing rules include only records that match the rule’s criteria and are owned by authenticated users, guest users, and queues. Because of recent security improvements, this setting is the only way to grant guest users access to records owned by high-volume users. This option isn’t available for owner-based or criteria-based sharing rules.

Where: This change applies to all Aura, LWR, and Visualforce sites accessed through Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.

https://help.salesforce.com/s/articleView?id=release-notes.rn_forcecom_sharing_hvu_guest_rules.htm&release=232&type=5

See Record Access Reasons in Lightning Experience

A user has access to a record, but why? Is it because of their role? Their territory? From a sharing rule? Now you can see why a user has the access they do, right from Record Sharing Hierarchy in Lightning Experience. Previously, you switched to Salesforce Classic to see this information. Sharing Hierarchy is now available on the action menu, not just in the Share window.

Where: This change applies to Lightning Experience in Professional, Enterprise, Performance, Unlimited, and Developer editions.

How: Select Sharing Hierarchy from the action menu on the record. Click View next to a user’s name. The displayed table shows the record access the user has and the reason for that access.

https://help.salesforce.com/s/articleView?id=release-notes.rn_forcecom_sharing_view_record_access_lex.htm&release=232&type=5