With all of these settings, it can get be quite complex to debug a user access issue.
I believe that every Salefsorce Administrator has at some point heard from a user who cannot see a particular record (you won't very often hear from users who can access things that they shouldn't).
I recently discovered a way to help with security questions like these. Salesforce allows you to query against any user's ID and any specified record and get a concrete Yes/No response on whether the user in question has Read/Write access to it.
- Start by opening the Developer Console in your Salesforce Environment.
- Once that has loaded, navigate to the Query Editor
|The Query Editor in Developer Console|
- Once that has loaded enter your query below (changing the UserID and RecordID to the one you are checking
SELECT RecordId, HasReadAccess, HasTransferAccess, MaxAccessLevel FROM UserRecordAccess WHERE UserId = '005D0000005Vp6w' AND RecordId = '500D0000014uokI'
|The Query Output|
- There are several other commands you can run. For a full list of them, visit this page: https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_objects_userrecordaccess.htm
Icon by Vecteezy from Iconfinder