Query Indirect GroupMember Records

public-grouprolessoql

Is there a way to query GroupMembers who have been granted access indirectly, i.e. via a UserRole?

The GroupMember docs imply that no records are created but they are shown in the UI, so I am hoping it possible. For my scenario I really only need to be aware of the Role Id/Group Member. I do not need to traverse up through the role hierarchy.

A record exists for every User or Group who is a direct member of a
public group whose Type field is set to Regular. User records that are
indirect members of Regular public groups are not listed as group
members. A User can be an indirect member of a group if he or she is
in a UserRole above the direct group member in the hierarchy, or if he
or she is a member of a group that is included as a subgroup in that
group.

Best Answer

My experimentation seems to indicate that for a UserRole you add to a Group, Salesforce adds a Group with Type = 'Role' and RelatedId = <UserRole.Id>. You may need to separately process RoleAndSubordinates and/or RoleAndSubordinatesInternal, depending on your requirements.

Regardless, you should be able to query for the Id of the UserRole by iterating through the GroupMember records and filtering by Type. As there are many Type values to inspect, if you want to properly handle all of them you may need to do more legwork, as you shouldn't trust my back-of-the-napkin implementation. But it should get you started, hopefully.

Set<Id> roles = new Set<Id>();
Set<Id> rolesWithSubordinate = new Set<Id>();

Set<Id> groupIds = new Set<Id>();
for (GroupMember member : myGroup)
    groupIds.add(member.UserOrGroupId);

for (Group record : [
    SELECT Type, RelatedId FROM Group WHERE Id IN :groupIds
]){
    switch on record.Type
    {
        when 'Role'
        {
            roles.add(record.RelatedId);
        }
        when 'RoleAndSubordinates'
        {
            rolesWithSubordinate.add(record.RelatedId);
        }
    }
}
// query users with the above roles here

Related Solutions

[SalesForce] How do we get all the users who are part of public group of current logged in user

From my experience, accessing direct group members isn't too bad - you just iterate the group and for all user members just pull their details. If it is a group member, you just recursively call your function that iterates the group.

Where things get really sticky is when you try to figure out the indirect members - I've found that when you start trying to traverse the role hierarchy on a user by user basis, unless you have a flat structure you very quickly run out of SOQL queries.

Here's an example of traversing a group and subgroups to get all user ids:

    public static Set<id> GetUserIdsFromGroup(Id groupId)
    {
        // store the results in a set so we don't get duplicates
        Set<Id> result=new Set<Id>();
        String userType = Schema.SObjectType.User.getKeyPrefix();
        String groupType = Schema.SObjectType.Group.getKeyPrefix();

        // Loop through all group members in a group
        for (GroupMember m : [Select Id, UserOrGroupId From GroupMember Where GroupId = :groupId])
        {
            // If the user or group id is a user
            if (((String)m.UserOrGroupId).startsWith(userType))
            {
                result.add(m.UserOrGroupId);
            }
            // If the user or group id is a group
            // Note: there may be a problem with governor limits if this is called too many times
            else if (((String)m.UserOrGroupId).startsWith(groupType))
            {
                // Call this function again but pass in the group found within this group
                result.addAll(GetUSerIdsFromGroup(m.UserOrGroupId));
            }
        }

        return result;  
    }

[SalesForce] How to access all the public groups relatedto an user in apex

that will do the trick. what you basically have to do is to traverse through the nested groups by self referencing the getGroupsForIds() method

// return list of all groups the user belongs to via direct or indirect membership
public Group[] getGroupsForUser(Id userId){

    Set<Id> groupIds = getGroupsForIds(new Set<Id>{userId});
 return [
   select Id
        , Name
     from Group
    where Id IN: groupIds];

}

// return all ids the user belongs to via direct or indirect membership
public Set<Id> getGroupsForIds(Set<Id> userOrGroupIds){

    Set<Id> output = new Set<Id>();

    Set<Id> nestedGroupIds = new Set<Id>();

    // only query actual groups and not roles and queues
    list<GroupMember> records = [
        select id
             , GroupId
             , UserOrGroupId
          from GroupMember
         where UserOrGroupId =: userOrGroupIds
        and UserOrGroupId != null
           and Group.Type = 'Regular'];

    for (GroupMember record:records)
    {
        // found a group, remember for traversal
        if (!(record.UserOrGroupId + '').startsWith('005'))
        {
            nestedGroupIds.add(record.UserOrGroupId);   
        }
        else
        {
            output.add(record.GroupId);
        }
    }

    // call self to get nested groups we found
    if (nestedGroupIds.size() > 0)
    {
        output.addAll(getGroupsForIds(nestedGroupIds));
    }

    return output;
}

Best Answer

Related Solutions

[SalesForce] How do we get all the users who are part of public group of current logged in user

[SalesForce] How to access all the public groups relatedto an user in apex

Related Topic