Skip to main content

How to check accessibility of an user on a particular record ?

It is a very challenging requirement, Generally we will update records through trigger for complex requirement.
 Lets think a scenario where we have to update a particular field value(say field name-IsUpdate) on an Opportunity and few profile is having editable access to that field,there is a already a trigger written for other purpose(updating some other thing) on Opportunity,So we have to modify same trigger and add our logic in that trigger.
Our first and foremost approach  would be checking profile name in the condition as below.

 Approach-1(Using profile)

Assume that profile "Test_profile_name" is having editable access to that field(IsUpdate)
Profile ProfileName = [select Name from profile where id = :userinfo.getProfileId()];
for(Opportunity opp:trigger.new){

      if(profileName.Name.containsIgnoreCase('Test_profile_name')){
   
          // opp.IsUpdate = true;
     }
}

 It will work fine no doubt, But let assume we have more than 100 profiles having editable access then we have add each profile name in same condition separated by OR.

 if(profileName.Name.containsIgnoreCase('Test_profile_name') OR profileName.Name.containsIgnoreCase('Test_profile_name')...................)

 What if profile name is renamed or deleted then also it wont work. So finally above approach is not good at all.

 Approach-2(Enforcing Object and Field Permissions)

 We can avoid above issue by using sobject describe result method.

 if (Schema.sObjectType.Opportunity.fields.IsUpdate.isUpdateable()) {
   // Update Opportunity IsUpdate
}

 This approach is 90% right still some problem is there, By this approach we can check object level access but what about record level access ? As we are dealing with record(updating record) we have to check record level accessibility.

 It is quite often that one user may have object level edit access still he/she cant edit particular record.

 Approach-3(Using UserRecordAccess object).

You can write query to fetch user access to a record 

UserRecordAccess  = [SELECT RecordId, HasReadAccess, HasTransferAccess, MaxAccessLevel
                     FROM UserRecordAccess
                     WHERE UserId = [single ID]
                     AND RecordId = [single ID]
 
or 
 
SELECT Id, Name, UserRecordAccess.HasReadAccess, UserRecordAccess.HasTransferAccess, UserRecordAccess.MaxAccessLevel 
      FROM Opportunity
for more details 
https://www.salesforce.com/developer/docs/api/Content/sforce_api_objects_userrecordaccess.htm
 

Labels:

Comments

Post a Comment

Popular posts from this blog

How to Create a Tooltip in Lightning Datatable ?

Imagine you have a datatable displaying a list of Contact records , and one of the columns shows the Account Name . The Account Name is a hyperlink that allows users to navigate to the Account record page. But what if users want to take a quick glance at some key Account fields —like Phone or Address—without navigating to the Account record? In Salesforce Classic, this was achieved using the Mini Page Layout feature from standard page. However, in Lightning Experience, we can implement a similar feature by adding a tooltip to the data table. Solution Overview: We’ll create a Lightning Web Component (LWC) that: Displays a data table with a clickable Account Name . Provides a tooltip that shows the Account's Phone and Address fields when users hover over the Account Name. Implementation Steps: 1. Data Preparation We need to retrieve the following fields for each Contact and its associated Account: Contact Fields : Name, Phone, Email Account Fields : Name, Phone, Billing Addre...
Post a Comment
Read more

How to Create/Delete file attachments(Content Document) through Apex ?

 There are 3 standard salesforce objects to store file attachments. Content Document, ContentDocumentVersion, ContentDocumentLink.  Here is the article to talk about these objects and relationship.  https://www.forcetalks.com/blog/contentdocument-and-contentversion-in-salesforce-an-overview/ ContentDocumentVersion ContentDocumentLink This post is all about how to create/delete content document though Apex. Here is code snippet // Insert Content Version record ContentVersion contentVersionRec = new ContentVersion(Title='filename',PathOnClient ='FileName.pdf',VersionData = bodyBlob,origin = 'H'); INSERT contentVersionRec; // this will insert one record in ContentDocument and ContentVersion , ContentDocument  is parent and  ContentVersion is child record // get contentdocument id contentVersionRec = [SELECT Id, Title, ContentDocumentId FROM ContentVersion WHERE Id = :contentVersionRec .Id LIMIT 1]; // Create Content Document Link record- This will attach ...
Post a Comment
Read more

Lifecycle hooks in LWC

There are 3 phase of LWC component  1. Mounting  A. constructor, B. connnectedCallback C. render D. renderedCallback 2. UnMounting  A. disconnectedcallback 3. Error  A.errorcallback Note - render is not lifecycle hook, it is protected method of Lightning element class. Mounting Phase LWC Creation and Render Life cycle Constructor Method ·        This method called when component is instantiated and It flows from parent to child component. ·        Need to call Super() inside constructor method ·        Can’t access any component properties or child component because it’s not ready yet. ·        Host element can be accessed through “this. template” inside constructor method. ·        Don’t add any attributes to host inside constructor C   constructor (){          super (); //...
Post a Comment
Read more