Friday 25 January 2019

What will happen if profile related to user U1 above in role hierarchy doesn’t have CRUD permission for object say A. User U2 below in his role hierarchy have CRUD permission to object A. Will user U1 will be able to see or edit record if Grant Access Using Hierarchies is checked for object A in sharing settings?

No.If a user does not have read or edit access to an object via OWD, a profile or permission set, they will have no visibility over an object regardless of their role and role hierarchy.

Always remember that User above in role hierarchy can see records of users below in hierarchy but operation which he can perform depends on permission on his profile (CRUD & View All & Modify All).

 If a user does not have access to a specific record type, will they be able to see the records that have that record type?

Yes. Record type controls only visibility of record on UI not its access to users.



How to check whether user has access to a particular record or not?

Query “userRecordAccess” to check whether has access to record or not.


For example:

SELECT RecordId, HasReadAccess, HasTransferAccess, MaxAccessLevel, HasAllAccess, HasDeleteAccess, HasEditAccess FROM UserRecordAccessWHERE UserId = “005xxxxxxxxx”AND RecordId = “001xxxxxxxx”

HasAllAccess Indicates whether a user has all access–read, edit, delete, and transfer—to the record (true) or not (false).

HasReadAccess, HasEditAccess , HasDeleteAccess ,HasTransferAccess return Boolean value.

MaxAccessLevel return access level like None, read, Edit,Delete,Transfer and All.