function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
aezellaezell 

Getting value from Contact.HasOptedOutOfEmail

I have an application that uses the API to allow our users to import data from a Salesforce campaign into our system (mostly the campaign member data). We are an ESP (Email Service Provider) and would like to pull in the HasOptedOutOfEmail value for the campaign members which we import, or at the very least, not allow a user to import those campaign members who have an opted out status.

However, I have noticed in testing that this field is not always available to the user which is logged in via our system. It can be made accessible, but is not so by default.

Currently, our system does a select SOQL statement, like so (in Python):
qry = "SELECT Id, %s FROM CampaignMember WHERE CampaignId = '%s' AND IsDeleted = False %s" % (fields, str(campaign_id), query_limit)

where 'fields' is a string of the field names to select. I can include Contact.HasOptedOutOfEmail in this string but that breaks if the logged in user doesn't have access to that field. Right now, I am getting this list of fields programmatically via the API.

Can I include Contact.HasOptedOutOfEmail in the WHERE clause of the query if the user doesn't have access to the field? That way, I could simply not return those members who are opted out.

I guess, the larger question is, if I know my application absolutely must have access to a field via the API that may or may not be available to the logged in user, what's the best way to handle that programmatically and also inform the user?
Carl_V1Carl_V1
My immediate thought is that put simply, the field is accessible only to those users that should have access to it. Users not involved in campaign management and thus dont have permission via their profile will not be able to use that field.  Im sure you follow me to that point. Only way I can think to handle it programmatically independently of the current users permissions is to use a dedicated user account login that has required permissions prior to executing query.  Can you simply provide all user profiles within your Org access to that field, or is this app being used in Orgs beyond your administrative control?
aezellaezell

Carl_V1 wrote:
My immediate thought is that put simply, the field is accessible only to those users that should have access to it. Users not involved in campaign management and thus dont have permission via their profile will not be able to use that field.  Im sure you follow me to that point.


I fully agree with that, however...


...is this app being used in Orgs beyond your administrative control?



Precisely, our users are logging into their SF accounts which are not connected with our organization. So, our application is logging into their Org with their credentials. So, as you say, we are at the mercy of the credentials they provide.

Perhaps, the answer lies in educating our users that want this functionality? It would be nice not to have to rely on them to set permissions correctly. We are thinking of an AppEx piece of our app that would be installed into the Org. Could we use that app to get access to this field, or other fields that the "user" might not have access to?
Carl_V1Carl_V1

Given that your app provides/extends marketing functionality, I assume if you add as a prerequisite that users that utilise your app must have marketing permissions active (possible check user credentials at startup for this and alert them to the fact prior to actioning queries) then you're all sorted? 

Alternative to checking at startup might be to have your query error handling allude to the possible permissions issue, and refer them to a requirements doc?

aezellaezell
Both great ideas. Thanks Carl!