Find your content:

Search form

You are here

Determine org. wide security on an object


I'm trying to determine (in APEX) what the security level is of a custom sObject (for a UI)

For example:

mysObject__c (Public Read Only, Private, etc.)

I know it's possible to test the by inserting a __share and trapping the exception that is returned, but I'm concerned about other unknowns there are.

Should I test with any random instance of the sObject as a ParentId, and should I Just use the current user as the UserOrGroupId

mysObject__c m = [SELECT id FROM mysObject__c];
mysObject__share testShare = new mysObject__share();
testShare.ParentId = m.Id; // using first record returned
testShare.UserOrGroupId = UserInfo.getUserId(); // using current user id
testShare.AccessLevel = 'Read';
Database.SaveResult sr = Database.insert(testShare);
        // look for the exception
        Database.Error err = sr.getErrors()[0];
        if(err.getStatusCode() == StatusCode.FIELD_FILTER_VALIDATION_EXCEPTION && err.getMessage().contains('AccessLevel')){
           system.debug('object is public read');

Does this guarantee the result for every object of that type? And which 'OwnerId' - will always be same exception be thrown even if the user is the owner of the record in question?

Is there a call to explicitly get the security level.

Attribution to: jordan.baucke

Possible Suggestion/Solution #1

If public read/write the __share sObject will not exist and your apex will fail to compile. You should consider using the global describe and dynamic apex to avoid this if you have to support sObjects that might be public read/write.

As far as telling public read only apart from private sharing I think your approach of attempting to insert a share record and looking at the resulting exception, if any, is the best approach I've seen to date.

Also note that if you're looking for access on a per-record basis you should look into the UserRecordAccess sObject, but it sounds like you're looking for org-wide defaults only, correct?

Attribution to: ca_peterson
This content is remixed from stackoverflow or stackexchange. Please visit

My Block Status

My Block Content