I have the "Profile-Based Rollout of Chatter" feature enable in my org. Per this page users with certain permissions will automatically have Chatter enabled.
Naturally, I'd like to verify that the users who I do not want to have access to Chatter don't have access. I was thinking I could do some querying of the PermissionSet
and PermissionSetAssignment
objects, and came up with a query like:
select Assignee.name, Id, PermissionSet.name, SystemModstamp from PermissionSetAssignment where assignee.isactive = true and (permissionset.permissionsChatterOwnGroups = true OR permissionset.permissionsChatterFileLink = true or permissionset.permissionsChatterInviteExternalUsers = true or permissionset.permissionsManageChatterMessages = true or permissionset.permissionsModerateChatter = true or permissionset.permissionsViewAllData = true or permissionset.permissionsChatterEnabledforUser = true) order by permissionset.name, Assignee.name
However, I don't know if this query is thorough enough ensure I'm seeing all of the users who can currently access Chatter. So, how can I hunt down all users who have access to Chatter and determine why?
Best Answer
From the page you cited:
ChatterEnabledforUser
will be enabled by Salesforce in the Profile of ALL Users who have any of the permissions enabled on the list above for them as part of a Standard or Custom Profile. As such, the additional permissions you're querying for are not necessary if you're trying to establish a baseline of who can access Chatter. This permission is added to ALL of your Standard profiles, Custom Profiles that contained one of the above permissions, and ALL permission sets when Salesforce turns on Chatter for you.I'd think you'd want to know whether Chatter is enabled through a Profile as opposed to sharing through a permissionset. Consequently, I would add
ProfileId
to your query. Since it sounds as though you're a profile based Org as opposed to using groups and permission sets, you could create another query onUser
toselect Id, Name where ProfileId in: list of ProfileId's returned in permission query
. You could also try building your query starting from User rather than from permissionsets. That might make it easier to get a single result based on profiles along with any permissionsets you may have.