I am accustomed to using SQL, and have been thrown into the SOQL Salesforce realm quickly without much idea on how to use SOQL.
I have been trying to create a simple query to get the above fields all in one table so that I can see for each user their profile name, user name and the permission set that they have. This is a simple query but using workbench I have not been able to get it. Thanks!
SELECT FirstName,LastName,PortalRole, ProfileId, Profile.Name, Profile.userType, Username, UserRoleId,UserType, Profile.PermissionsAccessCMC, Profile.PermissionsActivateContract,Profile.PermissionsActivitiesAccess FROM User
That is you can get all the permission from profile table. In the above SOQL, I have added some of the permission fields from profile.
Related
I am trying to get all the roles a user is part of. In my case, the user is part of an admin role which inherits another role ingestor, this inherits another role analyst. If I query from snowflake like as follows:
show grants to user <userid>
This lists only the admin role but not other two roles (ingestor, analyst). If the same user logs into snowflake, he could see all three roles available for him in the role dropdown.
Need help to get all explicit roles irrespective of role inheritance.
As a start, the views "SNOWFLAKE"."ACCOUNT_USAGE"."GRANTS_TO_USERS" and "SNOWFLAKE"."ACCOUNT_USAGE"."GRANTS_TO_ROLES" in combination have the information you need,
but are only accessible to ACCOUNTADMIN
You also have:
SELECT * FROM "MY_DATABASE"."INFORMATION_SCHEMA"."ENABLED_ROLES";
SELECT * FROM "MY_DATABASE"."INFORMATION_SCHEMA"."APPLICABLE_ROLES";
The latter looks like a good place to start.
Edit primo 2023:
If you want to make your own near-instant expanded GRANTS_TO_ROLES, you can follow these lines:
Get roles with SHOW ROLES; RESULT_SCAN()
Iterate over roles above with SHOW GRANTS TO ROLE <role>; RESULT_SCAN()
Iterate over ALL_USER_NAMES() with SHOW GRANTS TO USER <user>; RESULT_SCAN()
Finally create a SELECT statement with a recursive Common Table Expression expanding the nested roles
i found the best way to find all roles with inherited roles.
just run below SQL.
SELECT CURRENT_AVAILABLE_ROLES()
I am working on a code snippet that is supposed to import all my contacts from Salesforce via SOQL.
Here is what I do when I want to import all Salesforce contacts for my user 00520000001IbXZAA0
First SOQL:
SELECT Id FROM account WHERE ownerid = ‘00520000001IbXZAA0’
Then I get all the account id where I am a team member:
SELECT AccountId FROM accountteammember WHERE UserId = ‘00520000001IbXZAA0’
Then I build an array with my ids and from my 2 previous requests and get all contacts this way:
SELECT FirstName, LastName, Account.Name FROM Contact WHERE AccountId IN myarrayofids ORDER BY CreatedDate ASC
This approach seems to get most of my contacts but I can still see some contacts appear in Salesforce but that are not retrieved with these 3 queries. Am I missing something here?
I have only very few knowledge of how Salesforce work but I suppose that if I retrieve all contacts where I am a team member or owner, I should retrieve all contacts I am able to see on Salesforce or am I missing something here?
Many thanks
The reason you are not able to see all records otherwise is as some might be shared with you via OWD or using role based sharing, manual sharing or apex sharing. If you are just looking for a list in csv or anything, the easiest thing you can do here is create a report to display all contacts and share it with this user. Login into Salesforce as this "00520000001IbXZAA0" user. Run the report and export into csv/excel.
If you wish to do this in code, write a class using "with sharing" keyword and run the following query "Select Id, FirstName, LastName .... From Contact". This will return this user all the records she/he has access to.
Try these above solutions and let me know if they work for you. Happy to help..!!
I am trying to auto populate the Opportunity Owner name in to custom field(Manger) on the same page. But when i am trying it's getting only Id but not Owner Name. This logic i am implementing using Flow in the process builder. Can some one help on this.
In the flow i am using 'Record Lookup'(getting OwnerId and passing to Temp variable), Record Update(Assigning the temp variable to Custom field). But not luck.
Not sure why you would not want the Id. I personally would use the Owner field as a basis and just create a formula field called Manager with this formula: Owner.Name
If you still insist on getting the Owner Name from the flow, you would have to do a SOQL Select in the flow to search and save the Name first.
I have admin API access for my organization. I'd like to run the same SOQL query, but get back results as visible to various users in my org: running "SELECT Name FROM Account" for user A, should only return account names accessible to user A.
I know this is easy if each user provides my application with their password and security token, so I can log in as them and run the query, but I want to do this only using my admin account.
this is very similar to:
Salesforce: impersonation using the API
but in this case I do have access to the data, I just want to filter it as though the request came from a specific user. It looks like there's an Apex "unit testing" method called System.RunAs() which looks close, but I want to run this via REST.
I think that you can filter the first SOQL query using HasReadAccess from UserRecordAccess table.
You could try building a set of RecordIDs first and then using this to filter the Account query.
Set<ID> sRecordIDs = [SELECT RecordID FROM UserRecordAccess WHERE UserId = :u AND HasReadAccess = True];
Account[] accs =[SELECT ID,Name FROM Account WHERE Id in :sRecordIDs];
More details on the official documentation
I'm building a small project with database. I have a user table which has two columns, user_id and name, The second table stores the id and name of some documents: it also has two columns doc_id and doc_name. I want to grant access of specific user to specific (multiple) docs.
For example:
user1 can access doc_2 and doc_3 Only.
user2 can access doc_1 and doc_2 Only and so on.
Users and forms keep changing (eg. after some time i need to add a new doc, and add access to existing or new user to that new doc).
Do i need to change database design? (for example add a column in docs to store name of each user who can access it? ) If this is so, can you tell me what changes i should do?
OR
Is it possible to do by creating views? In this case, do i still need to change the database design? If this is the case, can you tell me an example view please? In this case, will i need to create view for each user? For example if there are 100 users, i will need to create 100 views?
You need a third table (I'll call it user_doc). You need 2 main columns; user_id and doc_id.
You then insert one row for each document and user combo that has access permissions.
If their user_id doesn't appear in the user_doc table with the relvelant doc_id, they don't have permission.
A sample query to get a list of all docs a specific user has access to:
SELECT doc_id FROM user_doc WHERE user_id = #UserId
or to find all users with access to a specific doc:
SELECT user_id FROM user_doc WHERE doc_id = #DocId
You need to have a PERMISSIONS table with relationship between Users & Documents. The columns could be PERMISSIONS_ID,USER_ID (Refer User), DOC_ID (Refer Document). Every time access has to be given to a user for a document this table needs to be populated.