Can't select User ID from Salesforce - salesforce

I'm trying to select user's subordinates from Salesforce, but a simple query
SELECT Id FROM User WHERE ManagerId=xxxxxxxxx
returns bunch of null values, when I run
SELECT Id,Name FROM User WHERE ManagerId=xxxxxxxx
I get the correct names, still no IDs.
Is this a permission issue? I can't find anything when I login to portal.
I'm running the queries via API on Sandbox environment.

Try this (both works for me allways):
Id myId = [Select Id From User Where Username = 'myUserName'].Id;
System.debug('#### myId: ' + myId);
List<User> myIdList = [Select Id From User Where Username = 'myUserName' Limit 1];
System.debug('#### myId from list: ' + myIdList[0].Id);

Portal Licence doesn't allow to query User. However you have still access to the name of the user through OwnerId, CreatedById, LastModifiedById using in an inputfield.
i.e :
If you want to have access to user through the portal you need a custom object and synchronise your records with User by trigger.

Related

Getting query results in Workbench , Not in apex class/Script

Background: I need access account records in the apex class where name contains %
For example, the query should return below accounts
abcd10%
cdcd40%abcd
10%volume
When I execute the below query I am getting results in the workbench
select id, name from Account where Name LIKE '%\%%'
the same query If I execute in Anonymous window/apex execute getting no results.
List accList = [select id,name from Account where Name LIKE '%\%%'];
system.debug('accList :::'+accList.size());
If we observe the below image, it is appending extra / in the query and giving wrong results.
Can you please help me how to resolve this?
16:00:21:002 SOQL_EXECUTE_BEGIN [1]|Aggregations:0|SELECT id, name FROM Account WHERE Name LIKE '%\%%'
You could use a bind variable or dynamic SOQL.
String searchText = '%\\%%';
List<Account> accs = [SELECT Id, Name
FROM Account
WHERE Name LIKE :searchText];
System.debug(accs.size());
System.debug(accs);
// Or in dynamic query (looks bit crazier because ' has to be escaped too)
List<Account> accs2 = Database.query('SELECT Id, Name FROM Account WHERE Name LIKE \'%\\%%\'');
System.debug(accs2);

Retrieving Oracle Password_Verify_Function

I am an IS auditor and I would like to check how we can retrieve the PASSWORD_VERIFY_FUNCTION assigned to users. I understand the script utlpwdmg.sql can be executed to setup the default password resource limits.
If changes were made using ALTER PROFILE, the script utlpwdmg.sql will not show the latest settings.
Please let me know what SQL commands I can execute to show what is the PASSWORD_VERIFY_FUNCTION stored and used in the system.
You can use this query to see source code of stored proc:
--Source of all password functions.
select *
from dba_source
where owner = 'SYS'
and name in
(
--The name of all password functions in use.
--See DBA_USERS.PROFILE to determine which user is using which profile.
select limit
from dba_profiles
where resource_name = 'PASSWORD_VERIFY_FUNCTION'
--Yes, this is intentionally the string 'NULL', that's what Oracle uses here.
and limit <> 'NULL'
)
order by name, line;
To find out what users are using PASSWORD_VERIFY_FUNCTION, you need to find out which profiles are using the function and then see which users are assigned that profile.
select profile from dba_profiles where limit = 'PASSWORD_VERIFY_FUNCTION';
select username from dba_users where profile = ;

Different Permissions in Apache Shiro for every User?

I built a database with the entity user and permission
user (id, email, password, permission)
permission (id, create_user, delete_user, user_fk)
create_user and delete_user is BOOLEAN.
Relationship: One-One
Now every user can have it's own permissions.
My question is: How can I use shiro to read the permissions from the database?
If you really only wish to assign permissions on user level, you can "fake" the roles table to make Shiro happy.
As Wouter mentioned, use the JdbcRealm and specify the 3 queries for your table setup.
You should modify your permission table to have this structure:
permission (id, permissionname, user_fk)
Then you insert rows for the create_user/delete_user rights as needed.
This way it's very simple to add another permission (reset_password for example) to your setup, without the need to modify the db schema.
In the shiro.ini (or how you call the your shiro config file):
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
For the queries use then this:
jdbcRealm.authenticationQuery = select password from user where email=?
jdbcRealm.userRolesQuery = select id from user where email=?
jdbcRealm.authenticationQuery = select permissionname from permission where user_fk=?
The small trick in your setup is: you don't have roles at all, so we just return the id of the user as the role name.
When the lookup in the permission table is done, it then uses the role name (=user pk) and returns the associated permissions.
You should configure a JdbcReam in your .ini file:
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
If you change your schema to adhere to the shiro queries, no extra config is needed. You need tables users, user_roles and roles_permissions.
See the source code how the exact column names should be:
https://svn.apache.org/repos/asf/shiro/trunk/core/src/main/java/org/apache/shiro/realm/jdbc/JdbcRealm.java
Alternatively you can configure your own queries to match your schema in the .ini file like so:
jdbcRealm.authenticationQuery=<your password select statement>
jdbcRealm.userRolesQuery=<your role names for username select statement>
jdbcRealm.authenticationQuery=<your permissions for role name select statement>

How to find loginname, database username, or roles of sqlserver domain user who doesn't have their own login?

I have created a login and database user called "MYDOMAIN\Domain Users". I need to find what roles a logged on domain user has but all the calls to get the current user return the domain username eg. "MYDOMAIN\username" not the database username eg. "MYDOMAIN\Domain Users".
For example, this query returns "MYDOMAIN\username"
select original_login(),suser_name(), suser_sname(), system_user, session_user, current_user, user_name()
And this query returns 0
select USER_ID()
I want the username to query database_role_members is there any function that will return it or any other way I can get the current users roles?
I understand that the Domain Users login is mapped into AD group?
You have to bear in mind that user can be in several AD groups and each of them can be mapped somehow in database which may be a bit messy. Also it means you need something with multiple results :)
Try this:
select * from sys.server_principals where type_desc = 'WINDOWS_GROUP' and is_member(name) = 1
I think it should grab properly all Windows Group logins that will be tied with particular users. After that you can join it for database users i.e.:
Select u.name from YourDB.sys.syslogins l
inner join YourDB.sys.sysusers u
on l.sid = u.sid
where l.loginname = ANY (select * from sys.server_principals where type_desc = 'WINDOWS_GROUP' and is_member(name) = 1)
You have to keep in mind that - all the way - you may need to handle whole sets rather then single values.

Finding a user's manager record in Active Directory

Using Active Directory, am trying to find the SamAccountName and email of the user’s manager.
I find the logged on user in the AD by search where sAMAccountName = Domain\Account. I then retrieve the manager property, which looks like this, for example:
CN=Doe\, Jane E.,OU=Employees,OU=Users,OU=Detroit,OU=United States,DC=na,DC=gmc,DC=gmc,DC=com"
How can I use this presumed key to find the user record for this person? What field would I match on?
If I remember correctly, that is their Distinguished Name, which means you can use it as the direct reference to their profile
LDAP://CN=Doe, Jane E.,OU=Employees,OU=Users,OU=Detroit,OU=United States,DC=na,DC=gmc,DC=gmc,DC=com
I also think it will return that name if the profile exists. If it has been deleted then I believe it runs a GUID of some sort (based on memory - this might be incorrect)
The entry for the manager is the manager's Binding String. You can feed it back into a request to active directory by binding it to an object that will return the manager's information.
(This is a post from old time, but I thought might be useful for others in the community)
You can use string stripping and find it like this:
REPLACE(SUBSTRING(manager, 4, CHARINDEX('OU=', manager)-5), '\', '')
Full working query (just change DOMAIN to your own):
SELECT Top 901 manager, REPLACE(SUBSTRING(manager, 4, CHARINDEX('OU=',
manager)-5), '\', '')
FROM OPENQUERY( ADSI, 'SELECT manager FROM ''LDAP://DC=DOMAIN,DC=local''
WHERE objectCategory = ''Person'' AND objectClass= ''user''
AND userprincipalname = ''*'' AND mail = ''*'' AND SN = ''*'' ')

Resources