ship
SalesForce Simplified

Your Go-To Resource for Streamlined Solutions and Expert Guidance

mountains
Empower Your Business
Dive deep into the world of CRM excellence, where innovation meets practicality, and transform your Salesforce experience with Forceshark's comprehensive resources

Using SOQL Queries to Discover Users with Custom Permissions

In the dynamic landscape of Salesforce administration, understanding and managing user permissions is crucial for maintaining a secure and efficient system. Salesforce Object Query Language (SOQL) plays a pivotal role in this realm, enabling administrators to delve into the intricate details of user access.

Understanding Custom Permissions

Custom permissions in Salesforce extend beyond the standard profiles and permission sets, providing a granular level of control over user access. These permissions allow administrators to define specific conditions under which users can access certain features or data. Leveraging custom permissions enhances security and ensures that users only have access to the functionalities they need.

Querying Users With Custom Permissions In Permission Sets Using SOQL

The getUsersWithPermInPermSet() method provides the capability to precisely query users possessing specific custom permissions set within the context of Permission Sets.

public with sharing class FSRK_UsersWithPermInPermSetHelper {
    public static List getUsersWithPermInPermSet(String customPermName) {
        Set parentIdSet = new Set();
        for (SetupEntityAccess sea : [
            SELECT ParentId
            FROM SetupEntityAccess
            WHERE SetupEntityId IN (
                // Perform a sub-query to retrieve the CustomPermission record corresponding to the provided customPermName
                SELECT Id
                FROM CustomPermission
                WHERE DeveloperName = :customPermName
            )
        ]) {
            // Collect the ParentId values from related SetupEntityAccess records
            parentIdSet.add(sea.ParentId);
        }
        // Query for User records associated with the PermissionSetAssignment records
        return [
            SELECT Id, Name, ProfileId, Profile.Name
            FROM User
            WHERE Id IN (
                // Perform a sub-query to retrieve PermissionSetAssignment records associated with the collected ParentId values
                SELECT AssigneeId
                FROM PermissionSetAssignment
                WHERE PermissionSetId IN :parentIdSet
            )
        ];
    }
}

By leveraging SOQL queries within the method, developers can dynamically extract information about user permissions associated with Permission Sets. Initially, through a nested query, we determine the Id of the required custom permission at the Custom Permission level. Subsequently, using these obtained Ids, we construct a query to fetch users whose corresponding Permission Sets include the specified custom permission.

Querying Users With Custom Permissions In Profiles Using SOQL

The getUsersWithPermInProfiles method is designed to retrieve a list of users who have a particular custom permission through their associated profiles.

public with sharing class FSRK_UsersWithPermInProfilesHelper {
    public static List getUsersWithPermInProfiles(String customPermName) {
        Set parentIdSet = new Set();
        for (SetupEntityAccess sea : [
            SELECT ParentId
            FROM SetupEntityAccess
            WHERE SetupEntityId IN (
                // Perform a sub-query to retrieve the CustomPermission record corresponding to the provided customPermName
                SELECT Id
                FROM CustomPermission
                WHERE DeveloperName = :customPermName
            )
        ]) {
            // Collect the ParentId values from related SetupEntityAccess records
            parentIdSet.add(sea.ParentId);
        }
        // Query for User records associated with the PermissionSetAssignment records
        return [
            SELECT Id, Name, ProfileId, Profile.Name
            FROM User
            WHERE ProfileId IN (
                // Perform a sub-query to retrieve PermissionSet records associated with the collected ParentId values
                SELECT ProfileId
                FROM PermissionSet
                WHERE Id = :parentIdSet
            )
        ];
    }
}

Conclusion

In the ever-evolving Salesforce ecosystem, effective user permission management is a cornerstone of a robust and secure system. SOQL queries emerge as a powerful ally in the quest to discover users with custom permissions. By harnessing the flexibility of SOQL, administrators can gain deep insights, customize access levels, and ensure that their Salesforce instance aligns with the organization's security and operational requirements.