Skip to main content

How to check accessibility of an user on a particular record ?

It is a very challenging requirement, Generally we will update records through trigger for complex requirement.
 Lets think a scenario where we have to update a particular field value(say field name-IsUpdate) on an Opportunity and few profile is having editable access to that field,there is a already a trigger written for other purpose(updating some other thing) on Opportunity,So we have to modify same trigger and add our logic in that trigger.
Our first and foremost approach  would be checking profile name in the condition as below.

 Approach-1(Using profile)

Assume that profile "Test_profile_name" is having editable access to that field(IsUpdate)
Profile ProfileName = [select Name from profile where id = :userinfo.getProfileId()];
for(Opportunity opp:trigger.new){

      if(profileName.Name.containsIgnoreCase('Test_profile_name')){
   
          // opp.IsUpdate = true;
     }
}

 It will work fine no doubt, But let assume we have more than 100 profiles having editable access then we have add each profile name in same condition separated by OR.

 if(profileName.Name.containsIgnoreCase('Test_profile_name') OR profileName.Name.containsIgnoreCase('Test_profile_name')...................)

 What if profile name is renamed or deleted then also it wont work. So finally above approach is not good at all.

 Approach-2(Enforcing Object and Field Permissions)

 We can avoid above issue by using sobject describe result method.

 if (Schema.sObjectType.Opportunity.fields.IsUpdate.isUpdateable()) {
   // Update Opportunity IsUpdate
}

 This approach is 90% right still some problem is there, By this approach we can check object level access but what about record level access ? As we are dealing with record(updating record) we have to check record level accessibility.

 It is quite often that one user may have object level edit access still he/she cant edit particular record.

 Approach-3(Using UserRecordAccess object).

You can write query to fetch user access to a record 

UserRecordAccess  = [SELECT RecordId, HasReadAccess, HasTransferAccess, MaxAccessLevel
                     FROM UserRecordAccess
                     WHERE UserId = [single ID]
                     AND RecordId = [single ID]
 
or 
 
SELECT Id, Name, UserRecordAccess.HasReadAccess, UserRecordAccess.HasTransferAccess, UserRecordAccess.MaxAccessLevel 
      FROM Opportunity
for more details 
https://www.salesforce.com/developer/docs/api/Content/sforce_api_objects_userrecordaccess.htm
 

Labels:

Comments

Post a Comment

Popular posts from this blog

Style in LWC

 Following are the ways we can apply in CSS in LWC. 1. Inline CCS Inline CSS is not recommended approaches, it is take highest priority among all CSS. style="color:green;font-size:10px;" is inline CSS added to div < template >     < lightning-card title = "Inline CSS" >         < div >             < div style = "color:green;font-size:10px;" > This is inline Style div </ div >         </ div >     </ lightning-card > </ template >  2. External CSS style can be applied to an elements such as h1, p,div span etc. It can applied to class using "." notation. for example .user{} It can also be applied to pseudo class.  for example .user:hover{} Id locator is not being used in LWC to apply style To apply external css, need to create separate CSS file, file name should be exactly matched with component name. for example - If component name is ...
Post a Comment
Read more

How to Create/Delete file attachments(Content Document) through Apex ?

 There are 3 standard salesforce objects to store file attachments. Content Document, ContentDocumentVersion, ContentDocumentLink.  Here is the article to talk about these objects and relationship.  https://www.forcetalks.com/blog/contentdocument-and-contentversion-in-salesforce-an-overview/ ContentDocumentVersion ContentDocumentLink This post is all about how to create/delete content document though Apex. Here is code snippet // Insert Content Version record ContentVersion contentVersionRec = new ContentVersion(Title='filename',PathOnClient ='FileName.pdf',VersionData = bodyBlob,origin = 'H'); INSERT contentVersionRec; // this will insert one record in ContentDocument and ContentVersion , ContentDocument  is parent and  ContentVersion is child record // get contentdocument id contentVersionRec = [SELECT Id, Title, ContentDocumentId FROM ContentVersion WHERE Id = :contentVersionRec .Id LIMIT 1]; // Create Content Document Link record- This will attach ...
Post a Comment
Read more

Lifecycle hooks in LWC

There are 3 phase of LWC component  1. Mounting  A. constructor, B. connnectedCallback C. render D. renderedCallback 2. UnMounting  A. disconnectedcallback 3. Error  A.errorcallback Note - render is not lifecycle hook, it is protected method of Lightning element class. Mounting Phase LWC Creation and Render Life cycle Constructor Method ·        This method called when component is instantiated and It flows from parent to child component. ·        Need to call Super() inside constructor method ·        Can’t access any component properties or child component because it’s not ready yet. ·        Host element can be accessed through “this. template” inside constructor method. ·        Don’t add any attributes to host inside constructor C   constructor (){          super (); //...
Post a Comment
Read more