I have created a view based on profile fields to display a custom search page for a particular role.
Once the search results are displayed, the user can select one of them to send a notification.
For this a VBO has been used with a force single option. I have problems when i try to send an email notification thru rules, to the selected user.
I do not see the custom rules action to send email, under my bulk operation settings.
If i try to create the rule component with data type profile, i get the action listed under bulk operations, but not on my page.
Any help is appreciated.
The issue got resolved by enabling permissions for that particular user role to execute the Rule. By default, the Rule was enabled only for the creator (Admin).
Related
We are connecting our Keycloak server to AD and it’s configured so changes in AD get stored in Keycloak’s Database. The final goal is to have our Application’s DB synchronised and we are succeeding so far, except for the User Group Memberships.
Here is what we have tried so far:
A Group Mapper has been created, connecting it to AD. We have tried with the 3 available modes: LDAP_ONLY, READ_ONLY and IMPORT with no success in any case.
When we add or remove a Group from a user in AD (with no other change) and in User Federation we sync for “changed users”, Group changes are not detected at all (Sync of users finished successfully.0 users added, 0 users updated, 0 users removed, 0 users failed.).
We have created a custom Event Listener. When synching, no normal Event is dispatched. An Admin Event is dispatched but no info about the User neither about the Group comes with the Event (only Info about the Realm).
A custom implementation of LDAPStorageMapper has been done. None of the methods are executed when synching and only Group changes were done in AD (I would expect at least syncDataFromFederationProviderToKeycloak to be executed).
Keycloak Tables USER_GROUP_MEMBERSHIP and FED_USER_GROUP_MEMBERSHIP are empty. Even after trying with the aforementioned Modes LDAP_ONLY, READ_ONLY and IMPORT.
When going to User Details in Keycloak, tab Groups:
With mode LDAP_ONLY no need for sync. The Groups show up there updated before synching.
With mode IMPORT. No Group is shown, neither before nor after synching.
With mode READ_ONLY. Groups are shown, but for them to be updated Users changed sync need to be don.
When getting the user from Keycloak's REST API attribute modifyTimestamp stays unchanged, even after trying all previous steps.
All we need is to find out which users were changed since last sync so we can update their Groups. Any tip on that? Am I missing any table, event, configuration… for that?
Any help is greatly appreciated.
In my site the guest users have access to the flow and they able to run the flow and even create records. When the flow try to find the created record the next error accrue:
Because Get_Record is passed to an action, subflow, or Lightning component, store the values of all Request_for_ChemTox__c fields that the running user has access to.
I gave access to every field for that user and still keep getting this error.
Any ideas?
It's probably not field level security (~table columns) but whole record's security (~table rows).
Check your site/community/experience settings as described in this article: https://help.salesforce.com/s/articleView?id=000352970&type=1. If there's something set - the ownership of created record is immediately transferred over to that internal user and guest loses visibility. It sucks but it's there to protect you, makes sure that if you have for example Leads or Cases submitted by guest users - they immediately "disappear", guest/hacker can't report on them, experiment with IDs in the url to learn other people's data...
You can Check Setup -> Sharing Settings for this object and create new sharing rule. (I can't upload image right now but start making new sharing rule with step 2 "rule type = Guest user access, based on criteria")
https://help.salesforce.com/s/articleView?id=sf.networks_guest_record_default_owner_best_practices.htm&type=5 has some good tips too:
If you’d like to create a different experience for guest users, use
flows in System Mode to redirect guest users to a different custom
screen after they create a record
Note: This is likely a duplicate question but I couldn't search for a solution/suggestion for my use case, so if anyone can re-direct me, that would be appreciated.
Problem: I have a NextJS application that runs on Prisma ORM and MySQL database. I am using NextAuth for OAuth authentication for sign up and log in.
So far the application works just fine but I want to check whether a user is logging in for the first time and redirect them to a set up page whether they would input personal details in order to populate a table on the database, so that the app can form a dynamic page based on their newly added information.
On the database, there are the user table (populated by NextAuth immediately at login) and the profile table.
Under NextAuth, the user table is populated automatically with the account's user name and email etc. However, that is not a unique entry and NextJS getStaticPath requires a unique entry to generate a dynamic page. That's why I have created the profile table to allow users to add their custom username where the dynamic URL will be generated (e.g. localhost:3000/u/[slug])
Here's my question - I want to check that the user is first time logging in and send a form for them to fill out the necessary information to input data onto the profile table, otherwise they would go straight to their profile homepage. What is the best way to check that and to redirect them to that form page?
Do I do it at server side with getServerSideProps by checking that the id from user table is missing from the profile table and do a redirect? Or is there some method that's customarily used to implement this "initial set-up" procedure?
I have enabled Field security on 2 checkboxes I have on a my form.
Checkboxes:
Security Override (checkbox)
Financial Overide (checkbox)
I have created 2 Field Security Profiles (FSP).
Override Control
This FSP will grant assigned users the ability to read, create, update.
Override Read
This FSP will grant assigned users the ability to read.
When I tested Override Read with an assigned user. I was still able to click and changed the checkboxes. It appears as if crm is ignoring the Override Read FSP.
How can I configure the checkboxes to be read only using Field Security Profiles?
I tried testing and debugging the issue with the Field Security Profile for a few hours and decided to take a different approach.
I ended up using javascript, when the page loads it will disable the override checkboxes. The checkboxes will only been enabled if the user has a particular security role.
In case you were testing using account that has System Administrator - that would not work because System Administrator will have an access to any fields if I'm not wrong.
UPD in this case please provide screenshots of fields you've made FL-secured, profiles you've created for fields and screenshot of profiles assigned to a user and at the end screenshot of a form with fields.
I am writing a visualforce page that amoung other things allows creation of Queues. However I want to control whether the section is displayed depending on whether the user has the permissions required.
According to the docs: Creating Queues the user needs to have both permissions:
"Customize Application"
"Manage Public List Views"
I am querying the profile like so:
Profile profile = [
SELECT
PermissionsCustomizeApplication
//Was expecting: PermissionsManagePublicListViews
FROM
Profile
WHERE
Id = :UserInfo.getProfileId()];
However my problem is that I don't think the "Manage Public List Views" permission is exposed on the Profile object. Is the api name so different I am missing it? Does anyone know how to check for this permission in code?
I'm not sure about the name of the permission, but you could run an method to try and insert (and then delete!) a queue in an init method or similar, if it success then you know they have all of the relevant permissions required.
The snag here of course, is you may not want them to be able to delete queues (I'm assuming they work in the manner of the other objects in the system with respect to CRUD operations).
You cannot check for these permissions in code, and Lancey Snr's suggestion is probably the easiest work around. However, I personally don't like the idea of checking permissions by creating and deleting objects in the constructor.
I'd instead create a custom setting to track the Profiles (maybe as plain text) that are allowed to create profiles. The advantage of custom settings is that the administrator can update the custom setting when a new profile is created or an old one is deleted, or the permissions have been re-configured.
Use the custom setting in conjunction with the "with sharing" keyword in the controller code, and you can ensure that users who don't have permission to create Queues, won't be be able to create it.
Anup
I've decided to limit it just to people with the "Customise Application" profile option.
The reason being that this is the important profile option. The only reason people need the public list views options is because a new view is created for each new queue.
As I have discovered there is no crud security on the queue object in apex code. So restricting queue creation only to users with "Customise Application" seems like the safest and most flexible course of action.