Return to Question

edited title

Link

edited Aug 21, 2019 at 13:40

Knowledge Lover

Should child be createable based Sharing Setting on MAster Detail Field is not being enforced - Profile level Object access and Record sharing accessBug or correct SF behaviour

Source Link

asked Aug 21, 2019 at 13:24

Knowledge Lover

Should child be createable based on - Profile level Object access and Record sharing access

There are two Objects 'Parent' and 'Child'.

Two User Admin and LocalUser. As per the profile of LocalUser : Parent Object has Read permission Child Object Has CRU permission

OWD for Parent Object is Public read-only

On Child Object, for Master-Detail Field - the sharing setting is R/w - which means that child can be created only if the User has R/w access on Parent.

Now Admin creates and shares the parent-record1 manually with localUser and gives R/W Access.

If we query UserRecordAcccess for parent-record1 and LocalUser he has ReadAccess.

However, LocalUser is able to create Childrecord for parent-record1 even though he has only read Access. Is this a Bug or a correct behaviour?

Because Even if the record was shared with R/W access, the object level permission doesn't allow that, and user cannot edit it (till here it is good for me), but he can create its child(which goes against the child objects Master details field level sharing setting)

Any help is highly appreciated, Thanks !!