Folder security is an exception to your OWDs. Access to folders, whether in Documents, Reports or Dashboards are folder specific, or “explicit” – ignoring the Role Hierarchy. You set access every time you create or edit a folder. Let’s say that you have six folders in the Reports tab to organize all your company’s reports. You can specify folder by: Public Groups, Roles, Roles and Subordinates.
If you have a Portal Licenses that allow access to the Reports, Documents or Dashboards (see the Portals section of my website) – you’ll see the option to restrict or grant access to Portal Users as well.
This is an oddity to security as well. Every User has a personal folder for Reports called “My Personal Custom Reports.” You’ll notice this folder cannot be edited to give or restrict access. This is great when you want to reduce the number of reports in the default “Unfiled Public Reports” folder. The only gotcha that I’ve come across is when someone is looking for some specific report that a User created, but that individual has left the company. How do you get into their Personal Reports Folder?
Hacking into a User’s Account
Ok, you don’t really “hack” into anything in Salesforce.com, but what you need to do is change the email address associated with the User Account to the administrator’s email address.
Reset the password on the User’s Account. The Administrator will then get then a temporary password emailed to them from Salesforce.com. Using the temporary password, the Administrator can create a new password, and now that they have taken over the User’s account.
Now that the Administrator has access to the User’s account they can get into the Personal Reports folder and get to the report that everyone desperately needed. You can then Run the report and do a “Save” or “Save As” and save or save a copy of the report out to a public folder. Problem solved!
Next step, Hijacking a Salesforce User Account