Choleric

Switching User in APEX class / getting Object permissions

Hey,

 

I need to create Partner-Object entries within an APEX class.

Therefore the User needs 'view all data' permissions.

Granting these permissions permanently is not an option.

 

That's why I'm searching for a way to:

a) switch the user in an APEX class -> runAs() seems to work in TestClasses only,

b) granting permissions within the class

or

c) skip any permission checks for the class / certain calls in the class

 

Any idea is welcome.

 

 

so long

Stefan

 

 

All Answers

mtbclimber

Apex code runs as system, unencumbered by security restrictions and sharing unless you tell apex you want that (in the case of sharing access).  If you explicitly do NOT want sharing enforced on your queries then you should flag your class as "WITHOUT SHARING". This is the default for any class but if your queries are called by way of a class higher in the execution stack that declares WITH SHARING, then that is inherited unless you explicitly state otherwise.

 

Here's the link to the doc on this if you want to learn more.

 

You should not need to switch user context to simulate "view all data".  You would need it if you actually wanted sharing to be enforced for a user other than the end/running user but that's not what it seems you are after here.

 

 

Choleric

Hi Andrew,

 

I knew about these sharing-flags and already used them without any success. (should have mentioned that in my entry post - sorry)

 

But I now found the problem and fixed/bypassed it.

 

To create the Partner entries I used existing ones (these will be cloned).

I created a dynamic querystring by getting a fieldmap for the partner object (Partner.sObjectType.getDescribe().fields.getMap() ).

This fieldMap was empty, causing my problems.

 

It seems the system mode used in Apex classes is not working when used for metadata calls.

I'm not sure if that's working as intended.

Maybe someone can check that / find the matching hints in official documents.

 

To solve my problem I'm using a hardcoded querystring now.

I do get a result and cloning it works well.

 

btw. what you wrote above (sharing..) is absolutely right. I tested it in my class and it behaved as expected.

 

Thanks so far

Stefan

 

 

 

 

This was selected as the best answer
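
The two points above (sharing keywords in mtbclimber's answer, and the empty field map Stefan reports) combined in one sketch. This is an added example, not code from any poster in this thread. PartnerReader, ElevatedQuery and partnersFor are hypothetical names; the entry point keeps sharing enforced and only the single query runs without it, and an empty describe map falls back to a fixed field list, as in Stefan's hard-coded query string.

```apex
// Added example; PartnerReader and ElevatedQuery are hypothetical names.
public with sharing class PartnerReader {

    // Fixed field list used when the describe map comes back empty,
    // mirroring the hard-coded query string described in the post above.
    private static final List<String> FALLBACK_FIELDS = new List<String>{
        'Id', 'AccountFromId', 'AccountToId', 'OpportunityId', 'Role', 'IsPrimary'
    };

    // Entry point: code in this class runs with the caller's sharing enforced.
    public static List<Partner> partnersFor(Id accountId) {
        // Field names come only from describe or the constant above and the
        // Id is passed as a bind variable, so no user input reaches the SOQL text.
        String soql = 'SELECT ' + String.join(fieldNames(), ', ')
                    + ' FROM Partner WHERE AccountFromId = :accountId';
        return new ElevatedQuery().run(soql, accountId);
    }

    // Builds the field list dynamically, guarding against an empty map.
    private static List<String> fieldNames() {
        Map<String, Schema.SObjectField> fieldMap =
            Partner.sObjectType.getDescribe().fields.getMap();
        if (fieldMap.isEmpty()) {
            return FALLBACK_FIELDS;
        }
        List<String> names = new List<String>();
        for (Schema.SObjectField f : fieldMap.values()) {
            names.add(f.getDescribe().getName());
        }
        return names;
    }

    // Inner classes do not inherit the outer class's sharing setting,
    // so the keyword is stated explicitly on the one class that needs it.
    private without sharing class ElevatedQuery {
        public List<Partner> run(String soql, Id accountId) {
            // :accountId in the query string binds to this method's parameter.
            return (List<Partner>) Database.query(soql);
        }
    }
}
```

Keeping the without sharing scope down to one small inner class makes it easy to review exactly which queries ignore record-level access.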
saraha@groupesci.com

What if we need to run as a specific user in a scheduled batch? We need to generate a list of child records for a parent record based on the parent record's owner, i.e. only populate the children with records that the parent's owner can access. Is there any way to do this?

 

Thanks,

 --Sarah

mtbclimber

 


Choleric wrote:

To create the Partner entries I used existing ones (these will be cloned).

I created a dynamic querystring by getting a fieldmap for the partner object (Partner.sObjectType.getDescribe().fields.getMap() ).

This fieldMap was empty, causing my problems.


 

That certainly sounds like an issue we need to investigate. Thanks for giving that detail.

 

Glad to help,

aztock

Andrew, as a follow-up to Sarah's question.

 

We need to execute a query on behalf of another user.

 

Ex: User creates an Action Item record (think of it as question to the field force), the question needs to apply only to Accounts accessible to the user. To do so we have an intermediate object, ActionItemAccount.

 

ActionItemAccount is refreshed nightly to reflect any changes in the user's access over time.

The batch deletes existing records, and recreates records based on the Accounts currently accessible to the user.

To do so the batch needs to query the Account object (Run As) as the Owner of the Action Item.

 

Hope the above makes sense. Can you please share your thoughts on the desired approach?

 

thank you,

A.