function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Rachel Linder 20Rachel Linder 20 

Why is our permission set not working as expected

We have created a permissions set to provide a specific profile read and edit access to the 'Renewal Forecast' and 'Renewal Quoted' checkboxes on the Contract object. But when we login as the user to test we get an error.

We set the permission set up by completeing the following:
  1. Click Object Settings
  2. Click Contracts
  3. Edit the Object
  4. Click Read and Edit
  5. Clicked Read Access and Edit Access for the 'Renewal Forecast' and 'Renewal Quoted' fields
Please note that for that profile the Field Level Security for both of these fields has 'Visible' and 'Read Only' unchecked. The Org Wide Setting for 'Account and Contract' is Private.

The error we are receiving is below. Please note that the we (administrators) can check either one of the boxes with no error:

User-added image

We have been trying to narrow this down to find the issue with no luck.

Any ideas to what we may have possibly missed?
Best Answer chosen by Rachel Linder 20
Rachel Linder 20Rachel Linder 20
With the help of salesforce support we had to make many changes to validation rules, product rules, and price rules. 

All Answers

Andrew GAndrew G
Maybe a long shot, but what are the Sharing Rules for the Contract and/or Account records?

Noting that you said the OWD for Account and Contract is Private.  Which would restrict access unless Owned by User or Access provided by Sharing rule.  And noting that System Admins generally have the "modify all" in their permissions, which would by-pass the OWD of private on the Contract record.

Regards
Andrew
Rachel Linder 20Rachel Linder 20
There is a sharing rule that says for all non-partner accounts to make them visible to all and account and contract access is set to read/write.

See below:

User-added image
Andrew GAndrew G
Ok, other thought, now I look at the error message a bit deeper, is does the Permission Set have access to the listed Apex Classes?

Regards
Andrew
Rachel Linder 20Rachel Linder 20
I added the two classes listed. Iam still getting the following error:
User-added image


These classes and triggers are related to CPQ. This user is a CPQ user so not sure why they wouldn't automatically have access.
 
Andrew GAndrew G
Indeed, however, since the Permission is custom, the CPQ permissions will need to be added.

The main battle here is that we have no clear idea of what the CPQ package(code) is trying to do.

Next steps in trouble shooting would be to
1. add the "Create" access to the permission set - test.
2. add the "Modify All" permission - test
3. remove the "Create" permission - test

If the create has no impact, then we know the triggers aren't trying to create Contracts.
If the Modify All resolves the issue, then we need to look at the sharing rules to try and determine what prevents the update.  
If neither have an impact then the issue lies in some other object/record.

HTH
Andrew
 
Rachel Linder 20Rachel Linder 20
With the help of salesforce support we had to make many changes to validation rules, product rules, and price rules. 
This was selected as the best answer