Find your content:

Search form

You are here

Homeยป

Running a flow in a system context

 
Share

We have a flow in our org that accesses a few custom objects (create,update). These objects are not accessible to most profiles, and when those profiles try to run the flow it fails since they don't have access to the object. Is it possible to have the flow run as a more privileged user or does that break the current SF security model?


Attribution to: akarnid

Possible Suggestion/Solution #1

Since this question was first asked and answered, this blog post addresses how to use Process Builder to launch a flow, which will then run in system mode.


Attribution to: Scott_in_London

Possible Suggestion/Solution #2

Presuming you do not want to update your security model to give visual access (Tabs, Related Lists, etc.) to these users.

  • Give the user profile read/update/create access to the objects accessed by the flow
  • DO NOT give the user profile access to the tabs associates with the objects
  • Create page layouts that do not include related lists/lookups associated with the objects

This would give the user the ability to access the flow in question, from a home page link or button, but they would not be able to see any of the records associated to the flow in tabs, list views, etc.

The fields and objects would essentially still be available through reports and dashboards presuming the user has report/dashboard folder access.


Attribution to: Justin J Carlson

Possible Suggestion/Solution #3

You can call an Apex plug-in from the flow: http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_process_plugin_using.htm

You could run this plug-in without sharing to allow the user to insert/update objects that they do not have access to. Write the plug-in to accept as input all parameters needed to perform the inserts and updates. Then in the apex plug-in you can insert or update records based on your requirements and return the object IDs or errors that returned from your DML operations.

I believe this is the only solution that will keep a pretty tight lock on your security.


Attribution to: Eric Nelson
This content is remixed from stackoverflow or stackexchange. Please visit https://salesforce.stackexchange.com/questions/3510

My Block Status

My Block Content