Help and Support Documentation

As a system Administrator, you might be asked questions like this every so often:

1. Here are a few Profiles; find all the objects to which they have access, along with the access levels to them (Read/Write/Delete).
2. Here are a few Profiles and a few Objects; make sure that those Profiles have only Read access to those Objects.
3. What are all the Account fields that user John Doe has access to, and why?

Answering questions like these can be laborious: You must click the Profile in Salesforce, click “Object Access,” find each of the objects in question inside that Profile, and check its access rights. Wouldn’t it be nice to be able to see all this information in one view?

It turns out that you can use SOQL to extract much of this data, because it is all available in standard Salesforce objects. For some context, here is a data model diagram showing the relationships between the relevant objects. Each arrow in the diagram goes from child object to parent object.

Based on these objects, you can build an Apsona Tabular View of the Object Permissions object, showing all the data you need for questions 1 and 2 above. Below is an example screen shot that shows all the objects accessible to a specific set of profiles, along with the access rights for each object.

And here are the steps to create this view.

1. Make sure that the four standard objects Profile, Permission Set, Object Permissions and Field Permissions are visible in your Apsona Configuration. See this article for how to do this.
2. In your main menu bar, hover over the More menu, look for the Object Permissions object and select its Tabular view.
   
3. Set the columns of the tabular view to include the Profile field of the Parent object (which you can get by opening the Parent panel in the field list on the left of the Set Columns popup), the SObject Type Name field of the Object Permissions object, and the six access rights fields.
4. Filter the list so that it shows only the profiles and objects you want.
   • To filter just the profiles you need, select the Profile field in the Parent object.
   • To filter to just the objects you need, use the SObject Type Name field. Note, though, that this field shows the API name of the object, not the label.

Here is another example: a tabular view showing field access rights by profile, created on the Field Permissions object using the same ideas. In this case, the field name is shown as a composite string: The API name of the object and that of the field, separated by a period, e.g., Account.Website.