Sometimes we may need to update ALL field permission of a user profile due to different purpose, like audit requirement or ISO requirement.
It can be very time-consuming to do it in UI level . For example, auditor asked to block ALL field "edit" permission of all "Clerk" profile user. You have to go to every object, and untick each field's security checkbox . There is a better way to handle this batch permission update , using "Apex program"
Code below demonstrate how to remove Clerk user's field edit permission right of multiple objects .
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | // Multiple object names into the list List<String> validTypeList = new List<String>{'Account','Case','Contact','CustomObj__c'}; //ClerkUser can be replaced by any profile name //Use PermissionsRead if "Read" permission is needed List<FieldPermissions> fpList = [SELECT SobjectType, Field, PermissionsEdit, Parent.ProfileId FROM FieldPermissions WHERE SobjectType IN :validTypeList AND PermissionsEdit=TRUE AND ParentId IN (SELECT Id FROM PermissionSet WHERE PermissionSet.Profile.Name = 'ClerkUser')]; if(!fpList.isEmpty()){ List<FieldPermissions> updatefpList = new List<FieldPermissions>(); for(FieldPermissions fp:fpList){ fp.PermissionsEdit = false; updatefpList.add(fp); } update updatefpList; //Print Total field edit permissions REMOVED system.debug('UpdatefpList Edit Permission - ' + updatefpList.size()); } |
No comments:
Post a Comment