Wednesday, April 11, 2018

Salesforce: Account accessibility

As we mentioned in this blog Contact, Opportunity, Case access, Role Hierarchy play a part in giving Account owner accessibility (view or edit) of Contact, Opportunity, and Case tagged to the Accounts owned by the user.

However, how is the other way round, if the Opportunity (including Contact and Case) is not the same with the Account owner, can the Opportunity owner able to access Account where the user supposed not able to access that account?

The answer is yes, this is called implicit sharing. Salesforce provides implicit sharing between accounts and child records (opportunities, cases, and contacts), and for various groups of portal users.

  • Access to a parent account — If you have access to an account’s child record, you have implicit Read Only access to that account.
  • Access to child records — If you have access to a parent account, you have access to the associated child records. The account owner's role determines the level of access to child records, read this blog Contact, Opportunity, Case access.

However, this does not apply to lookup relationship for custom objects.

If you are still in Classic, you can check the sharing reason, read this blog Sharing Button URL. This implicit sharing will be shown with reason as "Associated record owner or sharing", if you click that link, it will show which records that associated and give the user access to the parent record.

Click "Associated record owner or sharing" link, in this sample, I click "Allison Wheeler".


Saturday, April 7, 2018

Salesforce: App Visibility and Query

This blog is written for Apps in Classic, not Lightning apps.

To check app visible and set to default for a user, go to the User Profile, and looks for Custom App Settings.

But, as you may know, in addition to Profile, admin also can assign the user with Permission Set, and additional apps can be added from Assigned Apps.

So, if you would like to trace down apps visible for a user, check user Profile + Permission Set assigned.

App Visibility 
To check an app is enabled for which profiles, open the app page, and click Edit button, scroll down to the bottom and check for Assign to Profiles section, users in the selected Profile will able to see the app.

With SOQL, we can query for more apps and profile/permissions set.

1. AppMenuItem
This object store item in the app menu.
Sample query: SELECT Id, ApplicationId, Name, Label, NamespacePrefix, IsAccessible, IsVisible FROM AppMenuItem WHERE Type = 'TabSet' ORDER BY ApplicationId

Id - 0DS prefix
ApplicationId - this is the app Id (prefix 02u)
Label/Name - app label and API name
NamespacePrefix - usually part of a managed package
IsAccessible - if true, the current user is authorized to use the app
IsVisible - if true, the app is visible to users of the organization

2. SetupEntityAccess
When granting a user access to an entity, associate the appropriate SetupEntityAccess records added with PermissionSet that’s assigned to a user.
Sample query: SELECT Id, SetupEntityId, ParentId, Parent.Label, Parent.IsCustom, Parent.IsOwnedByProfile, Parent.ProfileId FROM SetupEntityAccess WHERE SetupEntityType = 'TabSet' ORDER BY SetupEntityId

Id - 0J0
SetupEntityId - this is the app Id (prefix 02u)
ParentId - this is Permission Set Id (prefix 0PS), it can be Profile or Permission Set, check field IsOwnedByProfile. You can use parent relationship queries with . (dot)

By combining the 1st query on AppMenuItem and 2nd query on SetupEntityAccess using Application Id (prefix 02u), you can relate app accessibility with profile and permission set.

Sample: you would like to check all profile and permission have access to Sales app.
1. Query AppMenuItem to get Application Id for Sales app
2. Query SetupEntityAccess to get the list of Profiles and Permission Set for that application id (looks for SetupEntityId)

To enhance this, you can query to object PermissionSetAssignment to get users able to access the app, check out this blog Using Permission Set to Query User Permission.


Wednesday, April 4, 2018

Salesforce: Change User Email Address

Whether you’re a Salesforce user or Salesforce admin, you can change the email address in the details on User records to update contact information.

Requirement: Email addresses can only be updated for Users listed as “Active” on the User Detail page.

Once email change in the setup menu, a notification email will be sent to the original email address and a verification email will be sent to the new email address to authorize the change. To apply the update, the user must click the verification link sent to their new email and complete the resulting verification steps within 72 hours.

Please note that this will happen when changing the email address on the user record, including changing the "return address" from the user's personal email settings.

Expected Behavior:
When these fields are updated, you can expect the following:
  • Username: the field is updated and the user receives an email notification, notifying them of the change.
  • Email Address: an email is sent to the new email address so that the change can be confirmed. The field is not updated until the email address owner confirms the change. An email is also sent to the older email address informing the change.
  • Return Email Address: an email is sent to the new email address so that the change can be confirmed. The field is not updated until the email address owner confirms the change.


Tuesday, April 3, 2018

Salesforce: Formula Field to view Attachment

This blog is more for Classic, as the attachment is no longer support in Lightning, although existing attachments will be still available in Lightning, you just can't upload the new attachments in Lightning.

Here is the requirement, users would like to have the ability to view the attachment within one click from record page layout, assume only max 1 attachment per record.
By default, you need to scroll down to the "Notes & Attachments" related list, then click the file name, this will open attachment page (00Pxxxxxx), which also show the file size, then click "View file" link -- this is two click from the record page.

Using formula field below, it will show View link when the "id" is available, otherwise, the View link field will not be visible.

IF (NOT(ISBLANK(Attachment_Id__c)),HYPERLINK("/servlet/servlet.FileDownload?file="+ Attachment_Id__c,"View", "_blank"),NULL)

This is to assume that Attachment_Id__c value (a custom text field) has been populated by apex trigger.

The above formula field will work in Lightning, but "_blank" target will not work; the image will overwrite existing web browser window.

Jeff's blog How to Customize Salesforce Attachments explains how to "add" custom fields for Attachment using a custom object, act as a layer between the real object with attachment.