title | description |
---|---|
Steampipe Table: salesforce_object_permission - Query Salesforce Object Permissions using SQL |
Allows users to query Salesforce Object Permissions, specifically the permissions that users have on Salesforce objects. |
Salesforce Object Permissions is a feature within Salesforce that allows you to control the level of access that users have to Salesforce objects. It provides a way to set up and manage permissions for various Salesforce objects, including accounts, contacts, leads, and opportunities. Salesforce Object Permissions helps you maintain the security and integrity of your Salesforce data by ensuring that users only have the appropriate level of access to Salesforce objects.
The salesforce_object_permission
table provides insights into the permissions that users have on Salesforce objects. As a Salesforce administrator, explore permission-specific details through this table, including the Salesforce object that the permission applies to, the type of permission, and the user or profile that the permission is associated with. Utilize it to uncover information about permissions, such as those that allow users to view, create, edit, or delete Salesforce objects.
Important Notes
- If the
naming_convention
configuration argument is set toapi_native
, please see API Native Examples.
Explore which Salesforce object permissions allow for modification or viewing of all records. This is beneficial for assessing user access rights and ensuring appropriate security measures are in place.
select
id,
parent_id,
sobject_type,
permissions_modify_all_records,
permissions_view_all_records
from
salesforce_object_permission
order by
sobject_type;
select
id,
parent_id,
sobject_type,
permissions_modify_all_records,
permissions_view_all_records
from
salesforce_object_permission
order by
sobject_type;
Determine the areas in which specific permissions are granted for transferring leads. This query is useful for assessing user permissions and ensuring appropriate access control within your Salesforce environment.
select
sop.id,
sop.parent_id,
sps.name,
sps.permissions_transfer_any_lead,
sop.sobject_type,
sop.permissions_read,
sop.permissions_create
from
salesforce_object_permission sop,
salesforce_permission_set sps
where
sobject_type = 'Lead' and
sps.id = sop.parent_id;
select
sop.id,
sop.parent_id,
sps.name,
sps.permissions_transfer_any_lead,
sop.sobject_type,
sop.permissions_read,
sop.permissions_create
from
salesforce_object_permission sop,
salesforce_permission_set sps
where
sobject_type = 'Lead' and
sps.id = sop.parent_id;
If the naming_convention
config argument is set to api_native
, the table and column names will match Salesforce naming conventions.
Determine areas in which users have comprehensive permissions, such as the ability to view or modify all records, to understand potential security risks and compliance issues in your system.
select
"ID",
"ParentID",
"SobjectType",
"PermissionsModifyAllRecords",
"PermissionsViewAllRecords"
from
"ObjectPermission"
order by
"SobjectType";
select
"ID",
"ParentID",
"SobjectType",
"PermissionsModifyAllRecords",
"PermissionsViewAllRecords"
from
"ObjectPermission"
order by
"SobjectType";
Determine the areas in which users have delete permissions to understand potential security risks or areas for access management improvements. This query is useful for administrators looking to optimize user roles and permissions.
select
"ID",
"ParentID",
"SobjectType",
"PermissionsModifyAllRecords",
"PermissionsViewAllRecords"
from
"ObjectPermission"
where
"PermissionsDelete";
select
"ID",
"ParentID",
"SobjectType",
"PermissionsModifyAllRecords",
"PermissionsViewAllRecords"
from
"ObjectPermission"
where
"PermissionsDelete";
Explore which Salesforce objects a user has read permissions for, allowing you to understand and manage access rights effectively. This can be particularly useful for auditing user permissions or troubleshooting access issues.
select
"ID",
"ParentID",
"SobjectType",
"PermissionsModifyAllRecords",
"PermissionsViewAllRecords"
from
"ObjectPermission"
where
"PermissionsRead";
select
"ID",
"ParentID",
"SobjectType",
"PermissionsModifyAllRecords",
"PermissionsViewAllRecords"
from
"ObjectPermission"
where
"PermissionsRead";