Friday, 18 December 2015

UserRecordAccess - Check what level of access a user has to a record

Confirming Record Access Level

There are many considerations for User and Record security in Salefsorce. You have to set your Organisation Wide Defaults, Sharing Rules, Profile Access, and Field Level Security.

With all of these settings, it can get be quite complex to debug a user access issue.

I believe that every Salefsorce Administrator has at some point heard from a user who cannot see a particular record (you won't very often hear from users who can access things that they shouldn't).

I recently discovered a way to help with security questions like these. Salesforce allows you to query against any user's ID and any specified record and get a concrete Yes/No response on whether the user in question has Read/Write access to it.

Developer Console

  • Start by opening the Developer Console in your Salesforce Environment.
  • Once that has loaded, navigate to the Query Editor

The Query Editor in Developer Console

  •  Once that has loaded enter your query below (changing the UserID and RecordID to the one you are checking

SELECT RecordId, HasReadAccess, HasTransferAccess, MaxAccessLevel FROM UserRecordAccess WHERE UserId = '005D0000005Vp6w' AND RecordId = '500D0000014uokI'

The Query Output 

Icon by Vecteezy from Iconfinder