Blog

Troubleshoot User Access with SOQL

Why User Access in Salesforce?

When working with Salesforce, ensuring users have the right data access is crucial for business operations. Users may encounter issues accessing certain records due to permission settings, sharing rules, or visibility configurations. This blog will guide you through troubleshooting user access issues using Salesforce Object Query Language (SOQL).

Understanding User Access in Salesforce

User access in Salesforce is governed by :

  • Profile Permissions : Define what users can see and do.
  • Role Hierarchy : Controls record visibility based on user roles.
  • Sharing Rules : Determine how records are shared among users.
  • Field-Level Security : Controls visibility of individual fields.

Steps to Troubleshoot User Access Issues

1. Identify the User’s Profile and Role

  • Check the user’s profile and role. Profiles determine access to objects and fields, while roles influence record visibility within the organisation.

2. Use SOQL to Query User Permissions

  • Use SOQL to inspect user permissions and record visibility. Here’s a query to check the user’s profile :
SELECT Id, Name, Profile.Name FROM User WHERE Id = ‘userId’

Replace ‘userId’  with the actual User ID. This query returns the user’s profile name, helping you identify access permissions. Refer to the below mentioned screenshot for reference.

Screenshot

3. Check Object and Field Permissions

To further investigate, examine the object and field permissions associated with the user’s profile :

SELECT SObjectType, PermissionsRead, PermissionsCreate, PermissionsEdit, PermissionsDelete FROM ObjectPermissions WHERE Parent.ProfileId = 'profileId'

Replace ‘profileId’ with the user’s profile ID from the previous query. This will display the allowed operations on objects.Refer to the below mentioned screenshot for reference.

Screenshot

4. Analyze Sharing Settings

If the user has the correct profile permissions but still can’t access records, sharing settings may be the issue. Run the following query to check sharing rules :

SELECT ParentId, UserOrGroupId, AccessLevel FROM ObjectShare WHERE ParentId = ‘recordId’

Replace ‘recordId’ with the ID of the inaccessible record. This will reveal how the record is shared and the user’s access level. Refer to the below mentioned screenshot for reference.

Screenshot

5. Validate Role Hierarchy 

Role hierarchy affects visibility, so confirm that the user’s role is set correctly. If the user’s role is lower than the record owner’s, they may not see the record.

6. Examine Field-Level Security

Field-level security can restrict access to specific fields. Check visible fields by querying field permissions associated with the user’s profile :

SELECT SObjectType, Field, PermissionsRead, PermissionsEdit FROM FieldPermissions WHERE Parent.ProfileId = ‘profileId’

Replace ‘profileId’ with the user’s profile ID. Refer to the below mentioned screenshot for reference.

7. Use the Salesforce Setup Menu

While SOQL is powerful, the Salesforce Setup menu provides an intuitive way to manage permissions. Navigate to :

  • Setup > Users :
    • This section allows you to view and manage user details, including their profiles, roles, and permissions. You can deactivate users, reset passwords, and monitor login history to ensure proper access.
  • Setup > Profiles :
    • Here, you can review and modify profile settings that determine user permissions for different objects and fields. This includes access levels for various functions, such as creating, editing, or deleting records.
  • Setup > Roles :
    • This section helps you understand the role hierarchy within your organisation. You can view how roles are structured and adjust them to ensure appropriate record visibility based on the organisation’s needs. Users in higher roles can see records owned by users in lower roles.