
When to use the UserRecordAccess and ObjectShare objects in Salesforce

Let us quickly look at the differences between these objects, their use cases and restrictions, and finally why ObjectShare should not be used to get a user's access level on a record.

UserRecordAccess

What is it : This object can be used to find out a user's access to a set of records. The important fields in this object are RecordId, MaxAccessLevel, HasReadAccess, HasEditAccess, HasDeleteAccess, HasTransferAccess and HasAllAccess.

Use Case : As an admin, when you want to find out whether a user can access a record, or what level of access the user has on it, this is the object that gives the answer.

Availability : API version 24.0 or higher. You can only query records of objects listed on the Sharing Settings Setup page.

DML Restrictions:

  • The object is read-only. We can’t create, delete, or update any records using this object.
  • We can query a maximum of 200 records at a time. When querying, some special restrictions apply:
    • The Id field can't be selected.
    • The WHERE clause must contain a single UserId and a RecordId (a single record or a list).
    • We can only select RecordId, a Has*Access field, and MaxAccessLevel in the query.
    • If we select only RecordId, then the WHERE clause should contain Has*Access = true.

To query a user's access on a record:

SELECT RecordId, HasReadAccess, HasTransferAccess, MaxAccessLevel FROM UserRecordAccess
WHERE UserId = [single ID]
AND RecordId = [single ID] // or RecordId IN [list of IDs]

The UserRecordAccess foreign key is available on any record from API version 30.0 or higher. So if we need to get the running user's access on the records, we can use the query below:

SELECT Id, Name, UserRecordAccess.HasReadAccess, UserRecordAccess.HasTransferAccess, UserRecordAccess.MaxAccessLevel
FROM Account

Note : You can’t filter by or provide the UserId or RecordId fields when using this object as a lookup or foreign key.

ObjectShare

What is it : This can be used to give read or edit access to records that are owned by other users. The important fields in this object are ObjectId, ObjectAccessLevel, RowCause and UserOrGroupId.

Use Case: As a developer, you can use this object programmatically to share records with any users or groups.

Availability

  • From Summer '20 onward, only users with access to the object can access its ObjectShare records.
  • There is no share object for an object that is the child in a master-detail relationship.
  • If the OWD setting is already the most permissive, Public Read/Write, ObjectShare records will not exist in the organisation.

DML Restrictions:

  • We can query more than 200 records at a time. A sample query:
SELECT Id, AccountId, AccountAccessLevel, RowCause, UserOrGroupId FROM AccountShare
  • We can perform any DML operation (create, update, delete) on this object. A sample Apex script to share a record:
// Create a new sharing record for the custom object Candidate.
// recordId and userOrGroupId are supplied by the caller.
Candidate__Share canShr = new Candidate__Share();
canShr.ParentId = recordId;
canShr.UserOrGroupId = userOrGroupId;
canShr.AccessLevel = 'Read';
canShr.RowCause = Schema.Candidate__Share.RowCause.Manual;
// allOrNone = false: a failure is reported in the SaveResult instead of throwing, so check sr.isSuccess().
Database.SaveResult sr = Database.insert(canShr, false);

Why you should not use ObjectShare to check the R/W access of the user

Because ObjectShare doesn't track all the ways that a user can get access to a record. Examples:

  • Sharing granted to users implicitly through OWD, the role hierarchy, and permissions such as the “View All” and “Modify All” permissions for the given object, “View All Data,” and “Modify All Data” are not tracked with this object.
  • If the record is shared in multiple ways with a user, you don’t always see multiple sharing records. If a user has access to an account for one or more of the following RowCause values, the records in the AccountShare object are compressed into one record with the highest level of access.
    • ImplicitParent
    • Manual
    • Owner

This is why the Share object is not an option for finding out a user's access level on a record.
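
As an added example (not code from the original post), here is an Apex helper that answers the access question through UserRecordAccess instead of share rows, while honouring the single-UserId and 200-record query restrictions listed earlier. The class and method names are hypothetical.

```apex
// Added example; RecordAccessChecker and maxAccessFor are hypothetical names.
public with sharing class RecordAccessChecker {

    // UserRecordAccess accepts at most 200 record IDs per query.
    private static final Integer MAX_IDS_PER_QUERY = 200;

    // Returns RecordId -> MaxAccessLevel for one user across many records.
    // Only IDs that the queries return a row for appear in the map.
    // Each chunk costs one SOQL query, so very large lists can hit the
    // per-transaction SOQL query governor limit.
    public static Map<Id, String> maxAccessFor(Id userId, List<Id> recordIds) {
        Map<Id, String> accessByRecord = new Map<Id, String>();
        List<Id> chunk = new List<Id>();

        for (Integer i = 0; i < recordIds.size(); i++) {
            chunk.add(recordIds[i]);
            Boolean isLast = (i == recordIds.size() - 1);

            if (chunk.size() == MAX_IDS_PER_QUERY || isLast) {
                // One UserId, a list of RecordIds, and only the fields the
                // object allows in the SELECT list (no Id field).
                for (UserRecordAccess ura : [
                    SELECT RecordId, HasReadAccess, MaxAccessLevel
                    FROM UserRecordAccess
                    WHERE UserId = :userId
                    AND RecordId IN :chunk
                ]) {
                    accessByRecord.put((Id) ura.RecordId, ura.MaxAccessLevel);
                }
                chunk.clear();
            }
        }
        return accessByRecord;
    }
}
```

Because the answer comes from UserRecordAccess, it reflects access gained through OWD, the role hierarchy and "View All"/"Modify All" permissions, which a query against the share object would miss.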

Thank you for your time in reading this post. Please feel free to comment below if you have any questions or need clarifications on any Salesforce topics.

Cheers 
