Feedback
TWS Blog

Checking Objects Access with Apex

The Welkin Suite
Tutorial
Posted by username
Mar 27, 2017 684

There are 2 ways in Apex to get the describe information on sObject and the fields in Salesforce. The first one is Token — a lightweight, serializable reference to an sObject or a field that is validated at compile time. The second is a describeSObjects method — a method in the Schema class that performs describes on one or more sObject types. Both these structures return you Describe result — an object of Schema.DescribeSObjectResult type that contains all the describe properties for the sObject or field. Describe result objects are validated at runtime, and cannot be serializable. DescribeSObjectResult object is returned when performing the describe, using the sObject token or the describeSObjects method.

Checking Object Access ApexChecking Object Access Apex

But there is one interesting issue - these two ways can give different results, in the same conditions, when you will try to check is SObject isAccessible, isCreateable, isDeletable, isUndeletable, isUpdateable.

So, let’s take a look on this example to see this

We have 2 sObjects: testAccess1__c and testAccess2__c. Test user (not Admin) has full access to testAccess1__c, and does not have access to testAccess2__c.

Objects Access Level

Here is a Visualforce page and Apex controller to test how it works:

///page code
<apex:page controller="TestAccessibilityCtrl">
   <br/><p3 style="font-weight: bold;">test Schema.describeSObjects</p3><br/><br/>    
   Access Test1 Schema - {!AccessTest1Schema} <br/>
   Access Test2 Schema - {!AccessTest2Schema} <br/>
   
   <br/> <p3 style="font-weight: bold;">test SObject.getSObjectType()</p3><br/><br/>
 
   Access Test1 Describe by token - {!AccessTest1Describe} <br/>
   
   Access Test2 Describe by token - {!AccessTest2Describe} <br/>
   <br/> <p3 style="font-weight: bold;">test $ObjectType from VF</p3><br/><br/>
  
   Access Test1 VF - {!$ObjectType['testAccess1__c'].accessible} <br/>
   Access Test2 VF - {!$ObjectType['testAccess2__c'].accessible} <br/>

</apex:page>
 
///apex code with comments
public with sharing class TestAccessibilityCtrl {
	
    public TestAccessibilityCtrl(){
        system.debug(Schema.describeSObjects(new String[]{'testAccess2__c'})[0]);
        system.debug(testAccess2__c.getSObjectType().getDescribe());
    }
    
    public Boolean getAccessTest1Schema(){
        return Schema.describeSObjects(new String[]{'testAccess1__c'})[0].isAccessible();
    }
    
    public Boolean getAccessTest2Schema(){
        return Schema.describeSObjects(new String[]{'testAccess2__c'})[0].isAccessible();
    }
    
    public Boolean getAccessTest1Describe(){
        return testAccess1__c.getSObjectType().getDescribe().isAccessible();
    }
    
    public Boolean getAccessTest2Describe(){
        return testAccess2__c.getSObjectType().getDescribe().isAccessible();
    }
}

And here is the result

Results of Accessing Check

 

Also, let’s take a look at the debug log of two Schema.DescribeSObjectResult objects for testAccess2__c, which was obtained in two different ways:

Schema describe:

11:54:54:025 USER_DEBUG [5]|DEBUG|Schema.DescribeSObjectResult[…..getName=testAccess2__c;isAccessible=trueisCreateable=true; ….. isSearchable=false;isUndeletable=true;isUpdateable=true;]

Describe by token:

11:54:54:025 USER_DEBUG [8]|DEBUG|Schema.DescribeSObjectResult[….. getName=testAccess2__c;isAccessible=falseisCreateable=false; ….. isSearchable=false;isUndeletable=false;isUpdateable=false;]

As we can see, the value of isAccessible field is not the only thing that is different in this case.

After we received this result, we can try to understand why does it happen in this way, as developer.salesforce.com does not provide any good description, how both ways work.
Also, please note that here is also a third way to get these parameters - throw the Visualforce using - {!$ObjectType['testAccess1__c'].accessible}. This approach also returns the correct results.

 

  • Schema Class sends an apex call to get the describe information, and looks like it retrieves a description in System mode. That’s why it always returns true for getting object accessibility.
  • - SObjects (for example testAccess1__c  or testAccess2__c) have some special static methods and variables used for accessing token and describe result information. So in this case we will get the correct accessibility information.

It’s a known issue of Salesforce, because it was reported on success.salesforce.com

Here is the link to this issue, so you can also vote for this

https://success.salesforce.com/issues_view?id=a1p300000008djFAAQ

Checking Object Access Apex

Your comment may be the first

    Please log in to post a comment