Can we use custom setting to restrict access for a user

configurationcustomsettingpermission-setsprofilesalesforce1-app

Can we use hierarchical custom setting to restrict a particular user from deleting object record. The profile has Delete permission on profile for that object. And it should not be changed as per the business. So is there a way to restrict the access for only one user?

Best Answer

Yes you can have a hierarchy custom setting created StopDelete Create a new field as : 'ObjectNames', have all objects for which you need to disable delete in a , comma separated value.

For eg: ARecord__c,Account and User as a lookup of any user.

Then in you trigger, from before delete context just add a check:

trigger ARecordTrigger on ARecord__c (before delete) {

    String currentUserId = UserInfo.getUserId();
    StopDelete__c stopDeleteTrigger = StopDelete__c.getValues(currentUserId);
    if (stopDeleteTrigger != null && String.isNotBlank(stopDeleteTrigger.ObjectNames__c) &&
        stopDeleteTrigger.ObjectNames__c.split(',').contains(ARecord__c.getSObjectType().getDescribe().name)) {
        List<ARecord__c> aRecords = (List<ARecord__c>) Trigger.new;
        for (ARecord__c aRecord : aRecords) {
            aRecord.addError('Cannot delete record');
        }
    }
}

Related Solutions

[SalesForce] Restrict particular user permission

Ok. This is not easily explained. So brace for a long text:

Salesforce has basically two trees of security: Field-Level-Security and Sharing.

Field Level Security (FLS) controls what fields and objects a user can see. That's managed via profiles and permission sets. It means that a user will be able to see the Account tab and the Name Field and Birthday.

Sharing controls which records the user can see. It's managed via OWD (Org Wide Defaults), Roles and the View All and Modify all permissions of the FLS.

A user can have access to a object through its profile, but won't be able to see any records if the org sharing rules don't share the record with him.

Keep in mind that salesforce always will respect the least restricted rule applied to a user. So, in any of the cases, there's no way to allow access for everybody and them remove acces for a specific user. What you need to do is restrict access for everybody and then allow access for all user except one.

So, for short. You can give that specific user a different role, and the create a sharing rule on the object that shares all records with the roles of the other users.

This module of Trailhead will give you a very good explanation on how to do that.

[SalesForce] Hierarchical custom setting for field values

If it a hierarchy custom setting then you can access the custom setting using

$setup.CUSTOMSETTINGNAME.FIELDAPINAME

Now you can use formula's CONTAINSto check recordType Id is present all or not. Based on that return true or false

Best Answer

Related Solutions

[SalesForce] Restrict particular user permission

[SalesForce] Hierarchical custom setting for field values

Related Topic