Apex Code Development You need to sign in to do that
Don't have an account?
Force.com AccountShare issue
Hello,
1. I have a custom object Placement. This has a master-detail relationship to Account.
2. For a profile for custom portal user, the Object level permissions for Account are set to read access and for Placement are set read and edit access.
3. I have a Share that is programmatically created using Apex sharing rules to grant edit permissions for certain Accounts for a portal user.
4. Now when this user logs on the portal, the Account appears read only. This is as expected, as the Standard object permissions are set to Read for Account.
5. Now in the customer portal, when this user goes to Placement which is a child of the account, the placement record shows up as expected with an Edit button. However clicking on Edit button brings up a page that you do not have access permissions to edit this record. However the custom object permissions are set to “Edit” for Placement. Also Apex sharing rule had set Edit permission for Account which is parent (using Master Detail) of Placement.
It is not clear why the Placement is not editable, if the Edit permission is granted at an Account level by the Apex share, and also custom object permissions are set to Edit for Placement.
Any help will be highly appreciated.
Thanks
Custom Portal users can't be given edit access to the Account object (even with Apex). Check out this thread for more details - http://boards.developerforce.com/t5/Apex-Code-Development/How-to-set-access-level-permissions-for-account-object-through/m-p/240453#M42234.
Is it possible to give account's child(Placement) to have "Edit" permissions?
Through Apex code, I have given "Edit" access to Account through AccountShare so that Account's child Placement (Master-detail) would have "Edit" access. But When i logged in portal and clicked on "Edit" button of Placement record, it says, "you have insuffcient priviledges".
Plz help..its urgent
Since your child record (Placement) has a Master-Detail relationship to the Account object, itssecurity permissions/priveleges are determined by the permissions the user has on the parent (i.e. Account) object. In other words, since you can't give Edit priveleges to the Account object for Customer Portal users (even with Apex. Adding anything to the AccountShare object via Apex will have no affect for CP users), you can't give Edit privileges to the Child object either.
The only option that I can see for you is to make the relationship between Account-->Pacement a lookup instead of M-D. That way you'll be able to control the priveleges on the Placement object independent of the Account object. CP users still won't have Edit privelges to the Account object, but you should be able to give them Edit priveleges to the Placement object if you make the relationship a lookup.
Hope this helps...
The post has been started on my behalf so please allow me to chime in.
I understand the issue about account edit restriction on cp users, although I am able to defy this manually.
By going to the shared account record, I am able to click on the sharing button, and edit the permission of the share for the portal user, from read, to read write.
Whilst this still does not give edit access to the account record, it does inherit downwards through the MD relationship, to the required child object records, facilitating the appropriate edit able behaviour in the portal by the cp user, as set by their profile.
So I remain baffled as to why this permission can be set manually, but not through the code.
If it changes anything…I am not using the standard customer portal user license, but am using 'customer portal manager custom' licenses.