function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
sfdcdev.ax551sfdcdev.ax551 

Can an API only user access the User Objects?

Hi,

 

Can an API only user able to access the User Objects like User, User Role, UserGroup? We tried it and it threw INSUFFICIENT_ACCESS_OR_READONLY error.

 

We have a requirement to use the API only user, but who has access to update User objects. At the same time we do not want to use the System Administrator profile for this purpose.

 

Any pointers?

 

Thanks for your time.

Message Edited by sfdcdev on 09-22-2009 02:26 PM
Best Answer chosen by Admin (Salesforce Developers) 
SuperfellSuperfell
I believe you need the "view setup" permission to be able to query the users table. again, "api user" flag is irrelevant, its how the users profile is configured.

All Answers

SuperfellSuperfell
the API only user flag has no affect on which objects & rows the user can access, that continues to be controlled by the users profile & role & sharing rules.
sfdcdev.ax551sfdcdev.ax551

Hi Simon,

 

Thanks for your response. The user object is however not exposed in the profile detail under Object Persissions and hence there is no way for us to grant permission for User object from the Profile edtail page. 

 

So in other words, is it true that only System administrators have access to edit the User object and not a user who has a profile permission with "API User" enabled?

 

Thanks

SuperfellSuperfell
I believe you need the "view setup" permission to be able to query the users table. again, "api user" flag is irrelevant, its how the users profile is configured.
This was selected as the best answer
Nick1746323Nick1746323

 Quote from docs:

 

To create() or update() a User record, you must log in with the “Manage Users” permission. Additionally, if the user is a Customer Portal user, you must log in with the "Edit Self-Service Users" permission; and if the user is a Partner Portal user, you must log in with the "Manage Partners" permission.