Saturday, April 7, 2018

Salesforce: App Visibility and Query

This blog is written for Apps in Classic, not Lightning apps.

To check app visible and set to default for a user, go to the User Profile, and looks for Custom App Settings.

But, as you may know, in addition to Profile, admin also can assign the user with Permission Set, and additional apps can be added from Assigned Apps.

So, if you would like to trace down apps visible for a user, check user Profile + Permission Set assigned.

App Visibility 
To check an app is enabled for which profiles, open the app page, and click Edit button, scroll down to the bottom and check for Assign to Profiles section, users in the selected Profile will able to see the app.

With SOQL, we can query for more apps and profile/permissions set.

1. AppMenuItem
This object store item in the app menu.
Sample query: SELECT Id, ApplicationId, Name, Label, NamespacePrefix, IsAccessible, IsVisible FROM AppMenuItem WHERE Type = 'TabSet' ORDER BY ApplicationId

Id - 0DS prefix
ApplicationId - this is the app Id (prefix 02u)
Label/Name - app label and API name
NamespacePrefix - usually part of a managed package
IsAccessible - if true, the current user is authorized to use the app
IsVisible - if true, the app is visible to users of the organization

2. SetupEntityAccess
When granting a user access to an entity, associate the appropriate SetupEntityAccess records added with PermissionSet that’s assigned to a user.
Sample query: SELECT Id, SetupEntityId, ParentId, Parent.Label, Parent.IsCustom, Parent.IsOwnedByProfile, Parent.ProfileId FROM SetupEntityAccess WHERE SetupEntityType = 'TabSet' ORDER BY SetupEntityId

Id - 0J0
SetupEntityId - this is the app Id (prefix 02u)
ParentId - this is Permission Set Id (prefix 0PS), it can be Profile or Permission Set, check field IsOwnedByProfile. You can use parent relationship queries with . (dot)

By combining the 1st query on AppMenuItem and 2nd query on SetupEntityAccess using Application Id (prefix 02u), you can relate app accessibility with profile and permission set.

Sample: you would like to check all profile and permission have access to Sales app.
1. Query AppMenuItem to get Application Id for Sales app
2. Query SetupEntityAccess to get the list of Profiles and Permission Set for that application id (looks for SetupEntityId)

To enhance this, you can query to object PermissionSetAssignment to get users able to access the app, check out this blog Using Permission Set to Query User Permission.


No comments:

Post a Comment

Page-level ad