checking for record access in visual workflow

the UserRecordAccess object “Represents a user’s access to a set of records”.

in apex, you can query this object to determine if a user can view, edit, delete, share, or transfer a record.

SELECT RecordId, HasReadAccess, HasTransferAccess, MaxAccessLevel
FROM UserRecordAccess
WHERE UserId = [single ID]
AND RecordId = [single ID]

in flow, you can query this object to test for edit before updates, in theory, but its got some quirks because it has very specific requirements around how the query is structured, and the standard flow “get records” element does not meet them.

the docs specify these requirements for the query. the 2nd and 3rd ones come into play here.

SOQL restrictions:

if you do a regular ‘get records’, filter on userId and recordId, and store all fields, you will likely get this error

Error Occurred: This error occurred when the flow tried to look up records: RecordId field must be selected.

This is because you must include the recordId field in the select clause from the query, and the ‘store all fields’ option does not specify that field unless you reference it later. (note that referenceing recordId downstream in the flow also does not work, for reasons i will get to next).

The query, roughly, is being run as:

SELECT HasEditAccess FROM UserRecordAccess WHERE RecordId = [filterValue] AND UserId = [filterValue]

and it needs to be

SELECT RecordId, HasEditAccess FROM UserRecordAccess WHERE RecordId = [filterValue] AND UserId = [filterValue]

So, I modified the get records to use the option where you can specify the fields to store, and stored RecordId and HasEditAccess. And then got this new errror

Error Occurred: This error occurred when the flow tried to look up records: Can select only RecordId, a Has*Access field, and MaxAccessLevel.

This is because flow always includes the Id field, and apparently returning the Id field of the userRecordAccess record is not acceptable.

This same error is also thrown if you try to reference the recordId field downstream (say in a decision) to get flow to include it the query, presumably because the Id field is still included.

So i went the manually assign variables route, and it was successful.

Screenshot 2021-08-03 7.12.27 AM.png

note that you must store recordId in a variable to get this to work, even though you are also passing it in as a filter value, else you will get the 1st error.

 
0
Kudos
 
0
Kudos

Now read this

Keep your (users) API access in check (part 1)

There are tons of amazing applications out there that connect to Salesforce - heroku apps like the perm comparator, salesforce plugins for excel, chrome extensions, and on and on. These tools allow users and admins to do amazing things,... Continue →