Apex Code Development You need to sign in to do that
Don't have an account?
qsdunn Custom Object Permission confusion
How do I allow users using standard profiles to view a custom object?
Some of the users in my organisation are not able to see all the custom objects that I have created.
Trying to fix this, I've been around and checked every checkbox I could find that looked even vaguely applicable to no avail. Apart from the ones under Setting->Manager Users->Profiles because apparently the standard profiles cannot be edited.
Which is where I start to get confused. Because according to the documentation "users with standard profiles can't access new custom objects—you must assign them custom profiles and edit the profiles" ... but about half of my custom objects are accessible with the standard profiles.
So obviously there must be way to allow standard profiles access to custom objects because I've apparently already done it several times but as I'm making this up as I go along learning this as I go along I didn't realise it was impossible at the time and now can't remember how to do it again.
Can anyone enlighten me?
I just combed through the Spring '10 release notes, and it looks like this is a new feature:
"Spring '10 introduces enhanced security for custom object permissions. In Enterprise, Unlimited, and Developer Editions,
when you create a custom object, the “Read,” “Create,” “Edit,” “Delete,” “View All,” and “Modify All” permissions for that
object are disabled for any profiles in which “View All Data” or “Modify All Data” is disabled. This ensures that all users don't
immediately get full access to custom objects.
You can change these permissions in custom profiles, but not standard profiles. That is, users with standard profiles (except
System Administrator) can't access new custom objects—you must assign them custom profiles and edit the profiles."
That's unfortunate.
All Answers
Hi there,
What you could do is clone the standard profile of the standard user by clicking on the clone button and name it "Your_StandardUser."
Then you can edit "Your_StandardUser" profile and can then grant access to custom objects Under "Custom Objects Permission " of your profile.
I already know I could use a custom profile (and indeed I have done) to deal with this.
What's confusing me is that some of the Custom Objects are already available to Standard Users when everything I've read says that none should be: there's obviously some what of assigning permissions that I'm not seeing.
I'm having the same problem. It's totally bizarre. I think they must have made this as a change in the last release, because I've never had this problem before. Did you ever figure out how to update the profile without creating a whole new one? If we can no longer grant access to custom objects for standard profiles, then the standard profiles are quickly going to become obsolete in my org.
I just combed through the Spring '10 release notes, and it looks like this is a new feature:
"Spring '10 introduces enhanced security for custom object permissions. In Enterprise, Unlimited, and Developer Editions,
when you create a custom object, the “Read,” “Create,” “Edit,” “Delete,” “View All,” and “Modify All” permissions for that
object are disabled for any profiles in which “View All Data” or “Modify All Data” is disabled. This ensures that all users don't
immediately get full access to custom objects.
You can change these permissions in custom profiles, but not standard profiles. That is, users with standard profiles (except
System Administrator) can't access new custom objects—you must assign them custom profiles and edit the profiles."
That's unfortunate.
You're right. That would explain the discrepancy. The older custom objects are accessible with the Standard User profile; the newer objects (and presumably any I create in future) are not.
So I guess standard profiles are useless now.
This is completely absurd. We created a package before the spring 2010 release and all went well, now I am trying to update it, add a new custom object and bang, it no longer works for any standard profile. I really cannot image what additional security this can add as obviously nobody will ever be able to use the standard profiles with any degree of customisation, so all you add is that everybody will switch to a different profile and again no user receives any additional security from this new rule.
So now I can go tell clients that if they want ot upgrade, they will need custom profiles for all users using the package?
Would it not be enough simply to make it so that new custom objects by default are not accessible to standard profiles but that you can still change it?
I would like to see some comment from someone from salesforce on this to see what the hell they were thinking?
I agree that this is very frustrating. Is there a way to delete the Standard User profile so that there is no confusion why all my users are assigned to a new custom profile that shares a similar name?