Azeez Thummalapalli

Is it possible to transfer ownership to a user who does not have read permission on object

Until I posted this question, I was under the assumption that the answer to my question is "No, it is not possible to update the owner of a record to a user who does not have Read access at the object level". But my simple, tiny program has left me confused.

Here is the scenario. Let us consider there are two users:
  1. 'Admin User' (myself) - having the System Admin profile
  2. 'Restricted User' - having some custom profile, and does not have read access on the Account object. Does not have View All and Modify All permissions, and no other permission sets are assigned.
Now, I (Admin User) have created an Account record in the standard UI; let's say A1 is the record. As expected in this case, the user who created it becomes the owner by default.

Now, when I try to change the owner of that record to 'Restricted User' (who does not have read access on Account) in the Standard UI by clicking on the 'Change' link at the owner field, I am getting a 'Transfer Requires Read - The new owner must have "Read" permissions on this type of record.' error. This is expected, as per my knowledge.

But when I try to change the owner of that record to 'Restricted User' (who does not have read access on Account) using Apex, I am able to change the owner successfully, which I didn't expect. I have used the below code for updating the owner:

Account acc = new Account();
acc.Id='00190000024XXXX'; //Record Id
acc.OwnerId = '0059000000XXXXX'; //Restricted User Id
update acc;

I have tried this in three different places/ways: 1. Running as Anonymous Code in the Developer Console, 2. in an Apex Controller using Without Sharing, 3. in an Apex Controller using With Sharing. It succeeds in all three ways.

One more observation in the same scenario is that, though the 'Restricted User' became the owner of the record, he is getting insufficient privileges while trying to access the record. I think this is somehow okay, because Profile permission takes higher priority than anything else while deciding the accessibility.

Can someone help me to understand if this is expected behavior, or is there any silly mistake that I might be making?
Nagendra (Salesforce Developers)
Hi Azeez,

Being an owner won't magically allow you to view that record if you don't have Permission to View that Object.

Profile Permission means: do you have the ability to read or edit (OBJECT BASIS)? Can I edit/view accounts?

OWD/Sharing/Owner means: do you have access to that record or not (RECORD BY RECORD BASIS)? Do I have access to edit/view this specific account record?

So, coming to your question: the Restricted profile User can be the owner. It means he can access the record if he has permission to view the Object. As OwnerId is just a field in the database, it's nothing more than having a text field.

In the Standard UI, the SF UI Presentation Layer has added a few extra validations to alert all users when they share or change ownership if that assigned user won't be able to access that record (low-price licenses which do not have Apex).
  • https://www.youtube.com/watch?reload=9&v=jDYfTfaqclk
Hope this helps.

Kindly mark this as solved if the reply was helpful so that it gets removed from the unanswered queue which results in helping others who are encountering a similar issue.

Thanks,
Nagendra
Azeez Thummalapalli
@Nagendra, Thanks for the reply.

Please ignore the discussion on 'owner is not able to see record', because as I mentioned earlier, that is expected and I knew that it is happening based on Profile permissions.
My primary question is on 'changing ownership to a user who does not have read access on the object at profile level'. From your answer, let's say we consider it acceptable to change ownership to such a user; then what is the purpose of the System.DmlException: Update failed. first error: TRANSFER_REQUIRES_READ, The new owner must have read permission: [] exception?
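
Added example, not part of any post in this thread: one way to enforce the "new owner must have Read" rule on every DML path, rather than relying on the check the standard UI shows, is a before-update trigger on Account. The trigger name and error text are hypothetical, and it assumes the new owner is always a User whose object access comes from a profile or an assigned permission set.

```apex
// Added example, not from the thread. Assumes owners are Users (not queues).
trigger AccountOwnerReadGuard on Account (before update) {
    // Collect new owners only for records whose OwnerId actually changes.
    Set<Id> newOwnerIds = new Set<Id>();
    for (Account acc : Trigger.new) {
        if (acc.OwnerId != Trigger.oldMap.get(acc.Id).OwnerId) {
            newOwnerIds.add(acc.OwnerId);
        }
    }
    if (newOwnerIds.isEmpty()) {
        return;
    }

    // Permission sets (profile-owned ones included) that grant Read on Account.
    Set<Id> readGrantingSets = new Set<Id>();
    for (ObjectPermissions op : [
            SELECT ParentId FROM ObjectPermissions
            WHERE SobjectType = 'Account' AND PermissionsRead = true]) {
        readGrantingSets.add(op.ParentId);
    }

    // Users among the new owners who are assigned at least one such set.
    Set<Id> ownersWithRead = new Set<Id>();
    for (PermissionSetAssignment psa : [
            SELECT AssigneeId FROM PermissionSetAssignment
            WHERE AssigneeId IN :newOwnerIds
            AND PermissionSetId IN :readGrantingSets]) {
        ownersWithRead.add(psa.AssigneeId);
    }

    // Block the transfer for every record whose new owner lacks Read.
    for (Account acc : Trigger.new) {
        if (acc.OwnerId != Trigger.oldMap.get(acc.Id).OwnerId
                && !ownersWithRead.contains(acc.OwnerId)) {
            acc.OwnerId.addError('New owner must have Read permission on Account.');
        }
    }
}
```

With this in place, the anonymous Apex update shown in the question would fail with a DmlException carrying the trigger's error message for any new owner who has no Read on Account.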