In the previous blog Using Permission Set to Query User Permission, we discussed query on PermissionSet and PermissionSetAssignment to query on permissions related to the user permission, at the end of the blog we also introduce query to ObjectPermissions object to get permission related to Object.
In this blog, we are going to introduce another object called FieldPermission. As you know, basic fields accessibility for a user is determined by the user Profile, then extra permission can be given to the user thorough Permission Set. So, a query to FieldPermission will give you an idea of why/how a user able to access a specific field, and what is the permission to that field (Read or Edit).
SELECT Id, ParentId, Parent.Name, SobjectType, Field,PermissionsEdit,PermissionsRead FROM FieldPermissions WHERE SobjectType = 'Account' AND Field = 'Account.Active__c' ORDER BY Parent.Name
The sample result from the above query:
The main field from above query is ParentId, this field is referred to PermissionSet object, so you see the result of Parent.Name is PermissionSet.Name, the values are contained for both Profile and Permission Set.
For PermissionSet.Name value start with X00e, it is a Profile (includes Standard and Custom profile), while the one not starts with X00e is PermissionSet.
From the above screenshot, let us check if Activate_Contract_2 permission set gives extra permission for field Active__c in Account object: