[SalesForce] Retrieving Profile with all Components Permissions using Metadata API

We have an application which retrieve Profiles from an Organisation but if we retrieve profile without specifying custom object or other component in package.xml file then it doesn't retrieve permission of any object. It returns user settings only, no other component permissions.

According to the documentation:

The content of a profile returned by Metadata API depends on the
content requested in the RetrieveRequest message. For example,
profiles only include field-level security for fields included in
custom objects returned in the same RetrieveRequest as the profiles.
The profile definition contains the following fields:

When you use the retrieve() call to get information about profiles in
your organization, the returned .profile files only include security
settings for the other metadata types referenced in the retrieve
request (with the exception of user permissions, IP address ranges,
and login hours, which are always retrieved). For example, the
package.xml file below contains a types element that matches all
custom objects, so the returned profiles contain object and field
permissions for all custom objects in your organization, but do not
include permissions for standard objects, such as Account, and
standard fields.

It is also mentioned in a question's answer as well.

Problem is that we don't want custom object or other components in retrieved file because we already have. Is there any way by which we can skip other components definition retrieval in zip file but we get all components permission in profile?

Best Answer

Quick answer: no.

Long answer: There is no current way to do this without fetching them all and then ignoring the unnecessary stuff. The product managers know about this and have received enough feedback from the field. They are working on it but no solution right now.

I would love to be wrong about this though.

Good luck!

Sridhar

Related Solutions

[SalesForce] How to match profile name to ant metadata profile name and vice versa

I think I have finally found the solution.

While one of the possible point-and-click way is suggested by @user3375426 to create an outbound changeset and click add Profiles there (I have added here two screenshots, one for Professional Edition standard profiles mappings and another one for Enterprise Edition standard profile mappings),

another programmatic way is to query Fullname field on Profile using Tooling API.

In Tooling API, name field corresponds to the displayed name of Profile and Fullname field corresponds to Developer API Name of Profile. It is not possible to query by Fullname and query to retrieve Fullname are limited by 1 row, so it is not possible to get Developer API Name of every profile at once, however, it is possible to query one by one and retrieve their API name in such way.

For example, to find 'System Administrator` profile, the following query can be used

select id, name, fullName from Profile where name like '%admin%' limit 1

Also, we can verify that StandardAul is the Standard Platform User profile by making query

select id, name, fullName from Profile where name='Standard Platform User'

So the query results confirm that StandardAul is the Standard Platform User profile.

Just to summarize, the mappings for Standard Profiles in Professional Edition

Name                 API Name
Contract Manager     ContractManager
Marketing User       MarketingProfile
Solution Manager     SolutionManager
Read Only            ReadOnly
Standard User        Standard
System Administrator Admin

and the mappings for Standard Profiles in Enterprise Edition

Name                               API Name
Contract Manager                   ContractManager
Marketing User                     MarketingProfile
Solution Manager                   SolutionManager
Read Only                          ReadOnly
Standard User                      Standard
System Administrator               Admin
External Identity User             External Identity User
Guest License User                 Guest License User
High Volume Customer Portal User   High Volume Customer Portal User
Customer Community User            Customer Community User
Customer Community Plus User       Customer Community Plus User
Partner Community User             Partner Community User
Partner Community Login User       Partner Community Login User
Work.com Only User                 Work.com Only User
Chatter Only User                  Chatter Only User
Analytics Cloud Security User      Analytics Cloud Security User
Analytics Cloud Integration User   Analytics Cloud Integration User
Customer Community Login User      Customer Community Login User
Company Communities User           Company Communities User
Customer Community Plus Login User Customer Community Plus Login User
Standard Platform User             StandardAul

[SalesForce] Migration of Standard Object Permissions using meta data deploy

A bunch of metadata in Profiles are designed as a sparse matrix. In other words, if the security is set to false, it will not be present in the XML returned to you. This makes sense from salesforce perspective as they treat absence as a negative value. However, if you need to make changes to the XML after getting it from salesforce, this becomes a problem. Or worse, if you are trying to "turn off" permissions at the destination.

No way around this at the moment. You have to do this manually at the destination. Or edit the XML manually and then migrate.

Shameless plug: I deal with this on an everyday basis when supporting my product, SnapShot for change and release management. I can demo how we are helping you solve the problem in our product, if you are interested. It is a paid product.