# Who has what permission?

#### A few housekeeping items

The permission set object is an amalgamation of Permission Sets and Profiles. You can determine if a record is a profile by using the "IsOwnedByProfile" field. You can also query on the permission set permissions to limit results.

[SOAP API Developer Documentation](https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_objects_permissionset.htm)

#### Field Level Security (FLS)

[SOAP API Developer Documentation](https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_objects_fieldpermissions.htm?search_text=Field%20Permissions)

##### Who has access to a field by a specific Profile?

```
SELECT Id, Field, PermissionsRead, PermissionsEdit, SobjectType, Parent.Profile.Name
FROM FieldPermissions
WHERE Parent.Profile.Name = 'System Administrator'
  AND Field = 'Account.Type'
```

##### Who has access to a field by specific Permission Set?

```
SELECT Id, Field, PermissionsRead, PermissionsEdit, SobjectType, Parent.Profile.Name, Parent.Label
FROM FieldPermissions
WHERE Field = 'Account.Type'
```

##### Who has access to a specific field?
The absence of records indicates that they have *no* access to that field.
```
SELECT Id, Field, PermissionsRead, PermissionsEdit, SobjectType, Parent.Profile.Name, Parent.Label
FROM FieldPermissions
WHERE Field = 'Account.Type'
```

##### Who does not have access to a field?

```
SELECT Id, Label, Profile.Name
FROM PermissionSet
WHERE Id NOT IN (SELECT ParentId FROM FieldPermissions WHERE Field = 'Account.Type')
```

### Object Level Security

[SOAP API Developer Documentation](https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_objects_objectpermissions.htm)

##### Who has access to an object by a specific Profile?

```
SELECT Id, PermissionsRead, PermissionsCreate, PermissionsEdit, PermissionsDelete,
       PermissionsViewAllRecords, PermissionsModifyAllRecords, SobjectType, Parent.Profile.Name
FROM ObjectPermissions
WHERE Parent.Profile.Name = 'System Administrator'
  AND SobjectType = 'Account'
```

##### Who has access to an object by a specific Permission Set?

```
SELECT Id, PermissionsRead, PermissionsCreate, PermissionsEdit, PermissionsDelete,
       PermissionsViewAllRecords, PermissionsModifyAllRecords, SobjectType, Parent.Label
FROM ObjectPermissions
WHERE Parent.Label = 'Account Permission Set'
  AND SobjectType = 'Account'
```

##### Who has access to a specific object?

The absence of records indicates that they have *no* access to that object.
```
SELECT Id, PermissionsRead, PermissionsCreate, PermissionsEdit, PermissionsDelete,
       PermissionsViewAllRecords, PermissionsModifyAllRecords, SobjectType, Parent.Label, Parent.Profile.Name
FROM ObjectPermissions
WHERE SobjectType = 'Account'
```

##### Who does not have access to an object?

```
SELECT Id, Label, Profile.Name
FROM PermissionSet
WHERE Id NOT IN (SELECT ParentId FROM ObjectPermissions WHERE SobjectType = 'Account')
```

### Setup Entity Access

Use this object to query access to many types of setup entities in Salesforce. They are:

| **Type** | **Object API Name** | **Name Field** |
| --- | --- | --- |
| Apex Class | ApexClass | Name |
| Visualforce Page | ApexPage | Name |
| Custom Metadata Type | EntityDefinition | QualifiedAPIName |
| Custom Setting | EntityDefinition | QualifiedAPIName |
| Applications (Apps in app launcher) | AppMenuItem | Name |
| Connected Applications | ConnectedApplication | Name |
| Custom Permission | CustomPermission | MasterLabel |

Pro-tip: You can update the settings from here with "Default On" or "Default Off". Deleting the row will make it "Hidden".
[Tooling API Documentation](https://developer.salesforce.com/docs/atlas.en-us.api_tooling.meta/api_tooling/tooling_api_objects_permissionsettabsetting.htm)

For standard objects, Name is prepended with "standard-". For a custom object, Name is the object's API name.

```
SELECT Parent.Name, Parent.Profile.Name, Visibility, Name
FROM PermissionSetTabSetting
WHERE Name = 'standard-Account'
```

##### Profile Page Layout Settings

The queries below use the Tooling API.
[Tooling API Documentation](https://developer.salesforce.com/docs/atlas.en-us.api_tooling.meta/api_tooling/tooling_api_objects_profilelayout.htm)

##### Standard Objects

```
SELECT Layout.Name, TableEnumOrId, Profile.Name, RecordType.Name
FROM ProfileLayout
WHERE TableEnumOrId = 'Account'
```

##### Custom Objects

First, retrieve the "Durable ID" of the object:

```
SELECT DurableId
FROM EntityDefinition
WHERE QualifiedAPIName = 'Account_Retention_Rate__c'
```

Then, query the Page Layout Settings:

```
SELECT Layout.Name, TableEnumOrId, Profile.Name, RecordType.Name
FROM ProfileLayout
WHERE TableEnumOrId = '01Io0000001KyaB'
```
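
The field-level queries earlier on this page return one row per profile or permission set that grants access, and a parent with no row has no access. As an added example (not part of the original page), this Python code merges a PermissionSet result and a FieldPermissions result into one report, using IsOwnedByProfile to label each parent. The record IDs, the "Reporting Only" permission set, the profile-owned labels and the function names are constructed for illustration.

```python
# Added example, not from the original page. All records are constructed sample
# data shaped like REST API query results (relationship fields come back nested).

# Shape of: SELECT Id, Label, IsOwnedByProfile, Profile.Name FROM PermissionSet
PERMISSION_SETS = [
    {"Id": "0PS000000000001", "Label": "profile-owned-placeholder-1",
     "IsOwnedByProfile": True, "Profile": {"Name": "System Administrator"}},
    {"Id": "0PS000000000002", "Label": "profile-owned-placeholder-2",
     "IsOwnedByProfile": True, "Profile": {"Name": "Standard User"}},
    {"Id": "0PS000000000003", "Label": "Account Permission Set",
     "IsOwnedByProfile": False, "Profile": None},
    {"Id": "0PS000000000004", "Label": "Reporting Only",
     "IsOwnedByProfile": False, "Profile": None},
]

# Shape of: SELECT ParentId, Field, PermissionsRead, PermissionsEdit
#           FROM FieldPermissions WHERE Field = 'Account.Type'
FIELD_PERMISSIONS = [
    {"ParentId": "0PS000000000001", "Field": "Account.Type",
     "PermissionsRead": True, "PermissionsEdit": True},
    {"ParentId": "0PS000000000003", "Field": "Account.Type",
     "PermissionsRead": True, "PermissionsEdit": False},
]


def parent_name(ps):
    """Label a PermissionSet row; profile-owned rows are reported as the profile."""
    if ps["IsOwnedByProfile"]:
        return ("Profile", ps["Profile"]["Name"])
    return ("Permission Set", ps["Label"])


def field_access_report(permission_sets, field_permissions, field):
    """Map every profile and permission set to 'edit', 'read' or 'none' for one field."""
    granted = {}
    for row in field_permissions:
        if row["Field"] != field:
            continue
        level = "edit" if row["PermissionsEdit"] else "read" if row["PermissionsRead"] else "none"
        granted[row["ParentId"]] = level
    # A parent with no FieldPermissions row has no access to the field.
    return {parent_name(ps): granted.get(ps["Id"], "none") for ps in permission_sets}


if __name__ == "__main__":
    report = field_access_report(PERMISSION_SETS, FIELD_PERMISSIONS, "Account.Type")
    for (kind, name), level in sorted(report.items()):
        print(f"{kind:15} {name:25} {level}")
```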