
I am planning to get read access for an object with the following query:

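// GivenObjectType holds the API name of the object to check, e.g. "Account".
// It is concatenated into the SOQL text, so validate it before use.
queryResults = connection.query("SELECT Assignee.Id, Assignee.Name" +
      " FROM PermissionSetAssignment" +
      " WHERE PermissionSetId" +
      " IN (SELECT ParentId" +
      " FROM ObjectPermissions" +
      " WHERE SObjectType = '" + GivenObjectType + "' AND" +
      " PermissionsRead = true)");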

This is working for most of the Salesforce objects. But for security-related objects such as Groups and Profiles, this is not working (i.e., when I want to check users who can see user information, I should be able to pass GivenObjectType="User" and get all the users who can see other users' information).

Is there a way that I can achieve this?

Note: I identified the following object types that don't have support in ObjectPermissions.SObjectType: User, Group, Partner, Profile and Task (not a security-related object).

Thanks!


1 Answer


Edit to answer the comment

Profiles/Permission sets only say if you're allowed to see, edit etc. Accounts at all. They won't tell you if you can edit account "XYZ".

You should be looking at AccountShare or UserRecordAccess tables then. They'll provide nice flattened information for you as opposed to trying to recreate the sharing rules.

Check Daniel's answer to https://salesforce.stackexchange.com/questions/7805/show-insufficient-privileges-directly-when-clicking-edit-override-not-on; it should give you a good start and you'll know what keywords to search for now.


Original answer

For the setup-ish objects like Group (which also includes queues) you might have to look into the System Permissions. That one would be controlled by "Manage Users" I believe. At least some of my users complain that without it they can't see who's actually a member of a given queue. Access to the User object is probably the same thing.

You should be able to find them all in PermissionSet object.

Partner and Task are in Master-Detail relationship I think (to Account and to any object that has "allow activities" respectively... I think). So again - I think the help is your best friend: https://help.salesforce.com/HTViewHelpDoc?id=partners_edit.htm, https://help.salesforce.com/HTViewHelpDoc?id=creating_tasks.htm etc.

I'm curious as to why you need it though and why you insist on querying as opposed to using describe calls such as "isAccessible" or Metadata API / Tooling API if you want to fetch it to a Java application. Queries on Profiles & related stuff were exposed fairly recently and I wouldn't be surprised if some stuff is missing / inconsistent.
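
Added example, not code from the question or the answer: a small Java helper that builds the three kinds of SOQL query this thread discusses (object permissions, a system permission on the permission set, and record-level access through UserRecordAccess) and validates every value before it is concatenated into the query text. The class and method names are hypothetical, the record IDs in `main` are constructed placeholders, and the use of `ManageUsers` follows the answer's suggestion rather than confirmed behaviour.

```java
import java.util.regex.Pattern;

// Added example: builds the SOQL strings discussed in this thread (names are hypothetical).
public class AccessQueries {
    // API names: letters, digits and underscores only (e.g. Account, My_Object__c).
    private static final Pattern API_NAME = Pattern.compile("[A-Za-z][A-Za-z0-9_]{0,79}");
    // Salesforce record IDs are 15 or 18 alphanumeric characters.
    private static final Pattern RECORD_ID = Pattern.compile("[A-Za-z0-9]{15}(?:[A-Za-z0-9]{3})?");

    // Reject anything that could break out of the quoted literal or field name.
    static String requireMatch(Pattern p, String value, String what) {
        if (value == null || !p.matcher(value).matches()) {
            throw new IllegalArgumentException("Invalid " + what + ": " + value);
        }
        return value;
    }

    // Object-level read permission: the question's query with a validated object type.
    static String objectReaders(String objectType) {
        return "SELECT Assignee.Id, Assignee.Name FROM PermissionSetAssignment"
             + " WHERE PermissionSetId IN (SELECT ParentId FROM ObjectPermissions"
             + " WHERE SObjectType = '" + requireMatch(API_NAME, objectType, "object type") + "'"
             + " AND PermissionsRead = true)";
    }

    // System permission stored on PermissionSet, e.g. ManageUsers -> PermissionsManageUsers.
    static String systemPermissionHolders(String permission) {
        return "SELECT Assignee.Id, Assignee.Name FROM PermissionSetAssignment"
             + " WHERE PermissionSet.Permissions"
             + requireMatch(API_NAME, permission, "permission") + " = true";
    }

    // Record-level access for one user and one record, as flattened by UserRecordAccess.
    static String recordAccess(String userId, String recordId) {
        return "SELECT RecordId, HasReadAccess, HasEditAccess FROM UserRecordAccess"
             + " WHERE UserId = '" + requireMatch(RECORD_ID, userId, "user id") + "'"
             + " AND RecordId = '" + requireMatch(RECORD_ID, recordId, "record id") + "'";
    }

    public static void main(String[] args) {
        System.out.println(objectReaders("Account"));
        System.out.println(systemPermissionHolders("ManageUsers"));
        // Constructed placeholder IDs, not real records.
        System.out.println(recordAccess("005000000000001", "001000000000001AAA"));
    }
}
```

Each returned string can be passed to `connection.query(...)` as in the question; a value that fails validation raises `IllegalArgumentException` instead of reaching the API.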