+ Start a Discussion
Morgan MarcheseMorgan Marchese 

Can I CRUD Managed Package Objects via Lightning or VisualForce with a non-licensed user (Customer Community User)?

First and foremost, we are not trying to be unethical. I am in the middle of vetting Salesforce CPQ+ and Salesforce Billing as potential replacements for our existing quoting and billing systems. We are in constant communication with our CPQ team at Salesforce as we continue to evaluate the solution, and I'm going to ask as many people as I can about this.

Long story short, we are looking to build an "App Store", built on Force.com, to host API-connected apps for our own Cloud product. Think of it like our own version of AppExchange. Customers would be authenticated into the website as Customer Community Users via Single Sign-On from our Cloud Product. We haven't decided on Lightning or Visualforce yet. 

A small portion of the overall solution would be Contract/Subscription Self Service, basically this workflow:
  •  Create Amendment Opp
  •  Create Amendment Quote 
  •  Add/Remove Products to the Quote 
  •  Calculate the Quote Pricing 
  •  Order 
  •  Contract
  •  Other small things like viewing previous Invoices and changing default payment methods. 

If we move to Salesforce CPQ, then that action would require creating, reading, and updating SBQQ__ managed objects from users without SBQQ__ licenses.

What I think I know:
  1. According to https://salesforce.stackexchange.com/questions/10518/access-managed-package-object-records-via-unlicensed-user, an apex class without sharing will return an empty result set when executed by an un-licensed user.
  2. Apex natively ignores CRUD and FLS, but honors sharing rules IF the apex class is run with sharing.
  3. According to the chosen answer on the aforementioned question, this CAN be done by leveraging the Ajax Proxy to call a custom Apex REST API

I've been looking into this most of the day and have the following questions:
  1. If I'm running a query in an Apex Class (without sharing) as an unlicensed user, and it returns an empty record set, why would running the same query via custom REST API via the Ajax proxy return results if it's authenticating as the same unlicensed user? (per the answer given on https://salesforce.stackexchange.com/questions/10518/access-managed-package-object-records-via-unlicensed-user)
  2. Can you call an Apex REST API directly from the same org without using Ajax proxy, or is that the recommended method?
  3. Could I use Javascript Remoting to work with the managed package data instead?
AbhishekAbhishek (Salesforce Developers) 
Hi,

Please feel to reach out to the accelerator team who can give you the idea of how you can implement according to your business requirement if you have the premier success plan.

Please find the details on how to request for an accelerator:https://help.salesforce.com/articleView?id=000337601&type=1&mode=1

Otherwise, I would request you to reach out to your Account Executive If you wish to upgrade to Premier Support please contact your Account Executive.

Thanks.
Morgan MarcheseMorgan Marchese
Thank you, but we do not have a Premier Success Plan. I assume you may know that already if you looked at our account. I do not wish to upgrade to a Premier Support plan just to get an answer to a development question, that's why I've come to the developer forums to seek help from my peers.

Thanks.