+ Start a Discussion
brielea1984brielea1984 

Visualforce Pages and Profile Security Settings

A problem I'm having with my visualforce pages is that if I have a tab that is a related list of an object that is not visible to a certain profile, they cannot access the overall page at all.

 

Example: My contact object has been made into a tabbed visualforce page. One of the tabs is the related list, Case Notes using the <apex:related list> function. . I did a test where the Visualforce page is available to a profile called Basic. the Basic profile has full access to the Contact object, but no access whatsoever to the Case Note object. When clicking on a contact, I get the error that the relationship with the Case Notes is not a relationship.

 

How do I override this other than making Case Notes available but making each field hidden for the Basic profile? Is there a way in coding to allow the Basic profile to see everything but the related list for Case Notes does not appear on the tab?

 

Thanks!

bob_buzzardbob_buzzard

What type of controller is your visualforce page using?  AFAIR standard controllers run in the context of the logged in user, but extensions and custom controllers run in the system context.  

brielea1984brielea1984

I'm still a little new to VF so I'm not sure what you mean by AFAIR standard controller. I don't have an extension, here's a sample of my code:  

 

<apex:page standardController="Contact" showHeader="true" sidebar="true" tabStyle="Contact" title="test">
     <apex:tabpanel switchtype="client" id="ContactTabPanel" selectedtab="Contacts">
        <apex:tab label="Contact Detail" name="Contacts" id="ContactDetails">
               <apex:detail title="true" relatedList="true" inlineEdit="true"/>
        </apex:tab>
        <apex:tab label="Case Notes" id="CaseNoteTab">
            <apex:relatedList subject="{!Contact}" list="Notes__r"/>
         </apex:tab>                                                
   </apex:tabpanel>
</apex:page>

 Any ideas/thoughts? Thanks for your time!

bob_buzzardbob_buzzard

I think the issue here is the standard controller - that will respect the profile and permissions of the currently logged in user.  

 

There's more information at:

 

http://www.salesforce.com/us/developer/docs/pages/index_Left.htm#CSHID=pages_controller.htm|StartTopic=Content%2Fpages_controller.htm|SkinName=webhelp

fredkafredka
Bob, in my case I am using the tabbed accounts override for the account standard page layout.  I have tabs for several custom objects.  If a profile does not have access to that object, they get an error on the VF page. I was hoping that the VF page would render but just not show the tab that the profile does not have access to.  Is there any way around this (to get the page to render but only show the objects that the profile has access to) Like the standard layout behaves?  Thanks!  Fred