Object Permissions - Basic Functionality

When dealing with Profiles and CRED there are three objects involved:

  • Profile object
  • PermissionSet object
  • ObjectPermissions object

Note: Every Profile has a corresponding child PermissionSet record, as indicated by the ProfileId field on the PermissionSet record. When dealing with Permission Sets, the Profile object doesn’t factor in.

For every combination of Profile and Object, there is a corresponding ObjectPermissions record with six boolean fields that control the access level for that Profile to that object. The same goes for Permission Sets. Those six fields are:

  • PermissionsCreate
  • PermissionsDelete
  • PermissionsEdit
  • PermissionsRead
  • PermissionsViewAllRecords
  • PermissionsModifyAllRecords

Note: If a Profile or Permission Set has no access to an object, then there is no ObjectPermissions record for that object/profile combination. You cannot have an ObjectPermissions record where all “permissions” fields are FALSE.

In addition to these boolean fields, there are two other uneditable fields which indicate which object the record is related to (sObjectType), as well as the related Permission Set (ParentId). Remember, even if the ObjectPermissions record is controlling access for a Profile, it will be related to a Permission Set. That Permission Set will have the Id of the corresponding Profile in the ProfileId field.

When a Profile or Permission Set is granted access to an Object, Salesforce automatically creates a new ObjectPermissions record. When access to that Object is removed, Salesforce deletes that record.


Revision #2
Created Wed, Jul 8, 2020 6:52 PM by Justin Mitchell
Updated Wed, Jul 8, 2020 6:57 PM by Justin Mitchell