No — a role is not mandatory. You can create and activate a Salesforce user without ever assigning them a role. The role field on the User record is optional, and many production users (integration users, certain external/community users, sysadmins) routinely have no role. The trade-off: a user without a role sits outside the role hierarchy, so on objects with Private or Public Read Only OWDs they only see records they own or that are explicitly shared with them — no hierarchy-based access.
What happens with no role
For each OWD scenario, here’s what a no-role user can see:
| OWD on the object | What the no-role user sees |
|---|---|
| Public Read/Write | Everything (no restrictions) |
| Public Read Only | Everything, but read-only unless granted Edit by sharing |
| Private | Only records they own + records explicitly shared with them via sharing rule, manual share, or Apex share |
| Controlled by Parent | Whatever the parent’s effective access is |
Crucially, they don’t lose CRUD or FLS — those come from the profile. They just lose any implicit upward sharing through the hierarchy.
When you intentionally skip the role
- Integration users that authenticate via OAuth or username-password and run as a “service account”. They don’t represent a person, so they don’t sit on the org chart.
- System administrators who get full visibility via View All Data / Modify All Data and don’t need hierarchy access.
- External community users that have community-specific sharing constructs (sharing sets, share groups) and don’t fit the internal hierarchy.
- Read-only audit accounts where you want to grant access explicitly via permission sets and sharing rules, not via hierarchy.
When you’d regret skipping the role
- Sales reps who report to a Sales Manager — without roles, the manager doesn’t see their reports’ records.
- Support agents whose tickets the team lead is expected to monitor — without roles, the lead sees only their own.
In short: any time a manager-style relationship needs to drive record visibility, both users need roles in the correct hierarchy positions, and “Grant Access Using Hierarchies” must be on for the object.
Common interview clarifiers
- Can a user have multiple roles? No. Exactly one role at a time.
- Can two users share a role? Yes. Roles are buckets — many users typically sit in the same node.
- Can I add a role later? Yes. Edit the user, set the role. Sharing recalculation runs in the background to update visibility.
- Does removing a user’s role revoke their data? They lose hierarchy-based shares immediately (next recalculation), but records they own and records granted via sharing rules or manual shares are untouched.
Verified against: Salesforce Help — Role Hierarchy and Sharing & Visibility Architect resources. Last reviewed 2026-05-17.