1

There are two Objects 'Parent' and 'Child'.

Two User Admin and LocalUser. As per the profile of LocalUser : Parent Object has Read permission Child Object Has CRU permission

OWD for Parent Object is Public read-only

On Child Object, for Master-Detail Field - the sharing setting is R/w - which means that child can be created only if the User has R/w access on Parent.

Now Admin creates and shares the parent-record1 manually with localUser and gives R/W Access.

If we query UserRecordAcccess for parent-record1 and LocalUser he has ReadAccess.

However, LocalUser is able to create Childrecord for parent-record1 even though he has only read Access. Is this a Bug or a correct behaviour?

Because Even if the record was shared with R/W access, the object level permission doesn't allow that, and user cannot edit it (till here it is good for me), but he can create its child(which goes against the child objects Master details field level sharing setting)

Any help is highly appreciated, Thanks !!

Improve this question

1 Answer 1

Reset to default
1

There's two types of controls you're asking about: sharing and profile permissions. The read-write restriction on master-detail relationships only cares about sharing, not profile permissions. If sharing says a user can edit a record (even if the profile restricts it), then they can create child records. This is the intended behavior of master-detail relationships. The user would also be able to add child records if they owned the parent, or if the Organization-Wide Defaults for the parent was public read-write.

Improve this answer
5
  • Hey @sfdcfox Thanks for responding ! I agree ! UserRecordAccess would give you the sharing access only i.e user’s access to records. and this query shows the access as readOnly. Commented Aug 21, 2019 at 16:14
  • My concern is I want to show/or hide a button that creates child records based on all these different accesses. My Algorithm is Commented Aug 21, 2019 at 16:18
  • if(child.isCreateable){isMasterReadonlyRequired = isCreateHistoryRequiresMasterRead(parentObjectName);//check sharing setting on Master Detail Field UserRecordAccess URA = checkRecordAccess(ParentId); if(isMasterReadonlyRequired && URA!=null && URA.HasReadAccess){ //then Show Create Child Page }else if(!isMasterReadonlyRequired && URA!=null && URA.HasEditAccess){ //then Show Create Child Page }/*else if(URA!=null && URA.HasReadAccess && ShareObject has R/w access){ //then Show }*/ } Else Hide the page Commented Aug 21, 2019 at 16:21
  • Is there a better way to do it ? Commented Aug 21, 2019 at 16:21
  • @KnowledgeLover I think you could just SavePoint sp = Database.setSavepoint(); Database.SaveResult result = Database.insert( new Child__c(Parent__c=parent.Id), false ); Database.rollback(sp); Boolean hidePage = !result.isSuccess() && result.getErrors()[0].getStatusCode() == StatusCode.INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY; Here, we just ask Salesforce to evaluate the save, and act accordingly. I'm pretty sure cross-reference checks have high priority over other validations (e.g. requiredness). Give it a try. Commented Aug 21, 2019 at 17:24

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.