I'm trying to use the Tooling REST API to create a new CustomField and then add it to certain Profile and PermissionSet metadata with read/edit access appropriate to those profiles / permissionsets. Creating the field itself is straightforward, but I haven't been able to successfully retrieve or manipulate the field-level access for my newly created fields.
I can accomplish this same task using the Metadata API by accessing ProfileFieldLevelSecurity and PermissionSetFieldPermissions respectively, but I'm wondering if it's possible to do the same thing using the Tooling API (which is presumably faster).
I can retrieve MyPermissionSet using this SOQL query on the /query endpoint, but it doesn't include field level permissions:
/query/?q=Select%20Id%2C%20Name%20from%20PermissionSet%20where%20name%20%3D%20%27MyPermissionSet%27%0D%0A
Similar SOQL queries over the Tooling API to fetch PermissionSetFieldPermissions or ProfileFieldLevelSecurity return with an error saying those objects are not supported.
Is it possible to update field-level security over the Tooling API? If so, what would an example request look like? Thanks.
Best Answer
The objects you're looking for are UserEntityAccess and UserFieldAccess, for object security and field security, respectively. Unfortunately, it appears that these tables are read-only, so you're still stuck with using the Metadata API, as far as I can tell.
Edit: You can now Create, Read, Update, and Delete FieldPermissions via the REST API, (note: not the Tooling API, just the normal REST API), so it is possible to automate this process as a separate step after using the Tooling API to create the field.