function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Metadata api -- how read a profile's permissions?

How can I READ an existing profile's "ProfileObjectPermission" using the metadata api?


I can see that I can UPDATE it with code something like that shown below, but it's very hard to update a profile if I can't read it in the first place.


Do I really have to get it file the file-based api and parse the XML myself?





PS: Here's the code to update a profile -- but what does the code to read it look like?


// Set permissions for a table

ProfileObjectPermissions pop = new ProfileObjectPermissions();





// Connect the permissions to a profile


Profile profile = new Profile();
profile.setObjectPermissions(new ProfileObjectPermissions[]{pop});
// Update the profile
UpdateMetadata[] metadata = new UpdateMetadata[1];




You should use the retrieve portion of the API to get information about existing components.  The docs should have details on how to use it.


I think you'll find that the "retrieve" method simply pulls back lumps of XML... I knew about that one already :-)


It's strange that there is no nicely typed equivalent. Hi ho. Salesforce is full of apparently illogical decisions.


Nevertheless, it's your only option for now.

I used this to fetch profile permissions ,This is not using the metadata api but hope this helps 


List<ObjectPermissions> ppList= [SELECT id,ParentId,PermissionsCreate,PermissionsDelete,PermissionsEdit,PermissionsModifyAllRecords,PermissionsRead,PermissionsViewAllRecords,SobjectType FROM ObjectPermissions WHERE parentid in (select id from permissionset where profileid <> null)];

As mentioned by Munish, ObjectPermissions (and FieldPermissions) can both show you the CRED for a given object for a profile and/or PermissionSet.  In addition, please remember that ALL profiles are ALSO PermissionSets (IsOwnedByProfile=true), so you can have your queries start there and use the Parent.Name to find the profile name or other fields.

Unfortunately, one of the more important permissions - tabs - cannot be retreived this way.  A glaring hole in my opinion.  Why open some (attributes, object, field), but not others (tabs, record types, etc).  Very illogical.