Find your content:

Search form

You are here

Homeยป

How to access profile permissions via API

 
Share

If I know the name of a certain profile, I would like to obtain CRUD permission settings for each object in the profile using Apex.

I see that there is an sObject called Profile, but this only reveals the boolean values of permissions such as Edit Case Comments, or Transfer Cases etc.

There is another sObject called ObjectPermissions which you can get this info from, but this is only for Permission Sets and not for Profiles.

I would like to determine whether a certain profile can read and edit Case records just as the ObjectPermissions sObject allows you to do for Permission Sets.

Is this possible?

Thanks


Attribution to: Joe

Possible Suggestion/Solution #1

Doing this is pretty much possible both in Apex and Visualforce code. The platform gives rich describe information and shorthands which check the current user's CRUD or FLS permissions.

Here are few code snippets

To know if few fields are accessible 

<apex:outputText value="{!accountBillingAddress}" rendered="{!AND($ObjectType.Account.fields.BillingCity.Accessible, $ObjectType.Account.fields.BillingState.Accessible)}"/>

To check the same in Apex code

     if (Schema.sObjectType.Account.fields.BillingCity.isAccessible()
          &&
        Schema.sObjectType.Account.fields.BillingState.isAccessible()  
        ){ }

Similarly individual objects can be checked as well, for ex:

<apex:relatedList list="Contacts" rendered="{!$ObjectType.Case.accessible}"/>

This guide has lot of rich details about secure coding guidelines for further reading: http://wiki.developerforce.com/page/Secure_Coding_Guideline

Source : VF Dev guide (http://www.salesforce.com/us/developer/docs/pages/Content/pages_controller_std_checking_accessibility.htm) and Developer force WIKI


Attribution to: Abhinav Gupta

Possible Suggestion/Solution #2

Actually, the PermissionSet SObject has a field in it called IsOwnedByProfile. Take a look at this blog post by Adam Torman, http://blogs.developerforce.com/engineering/2012/06/using-soql-to-determine-your-users-permissions-2.html:

This field determines whether a permission set is a custom one or if it is parented by a profile. This is made possible because for every profile, there is one underlying permission set. That way, permissions layer equally across permission sets without having to treat a profile differently.

So, if you want to find the CRUD permissions of a profile you can do something like this:

SELECT Id, SObjectType, PermissionsRead, PermissionsCreate
FROM ObjectPermissions
WHERE parentid in (select id from permissionset where
PermissionSet.Profile.Name = 'System Administrator')

Attribution to: Daniel Hoechst
This content is remixed from stackoverflow or stackexchange. Please visit https://salesforce.stackexchange.com/questions/3800

My Block Status

My Block Content