function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
kerryland6kerryland6 

Metadata api -- how read a profile's permissions?

How can I READ an existing profile's "ProfileObjectPermission" using the metadata api?

 

I can see that I can UPDATE it with code something like that shown below, but it's very hard to update a profile if I can't read it in the first place.

 

Do I really have to get it file the file-based api and parse the XML myself?

 

Thanks

Kerry 

 

PS: Here's the code to update a profile -- but what does the code to read it look like?

 

// Set permissions for a table

ProfileObjectPermissions pop = new ProfileObjectPermissions();

pop.setAllowCreate(true);

...

pop.setTable("Sometable__c");

 

// Connect the permissions to a profile

 

Profile profile = new Profile();
profile.setFullName("Standard");
profile.setObjectPermissions(new ProfileObjectPermissions[]{pop});
// Update the profile
UpdateMetadata[] metadata = new UpdateMetadata[1];
metadata[0].setMetadata(profile);
metadataConnection.update(metadata);

 

 

dkadordkador

You should use the retrieve portion of the API to get information about existing components.  The docs should have details on how to use it.

kerryland6kerryland6

I think you'll find that the "retrieve" method simply pulls back lumps of XML... I knew about that one already :-)

 

It's strange that there is no nicely typed equivalent. Hi ho. Salesforce is full of apparently illogical decisions.

dkadordkador

Nevertheless, it's your only option for now.

munish9091@gmail.communish9091@gmail.com

I used this to fetch profile permissions ,This is not using the metadata api but hope this helps 

 

List<ObjectPermissions> ppList= [SELECT id,ParentId,PermissionsCreate,PermissionsDelete,PermissionsEdit,PermissionsModifyAllRecords,PermissionsRead,PermissionsViewAllRecords,SobjectType FROM ObjectPermissions WHERE parentid in (select id from permissionset where profileid <> null)];

boBNunnyboBNunny
As mentioned by Munish, ObjectPermissions (and FieldPermissions) can both show you the CRED for a given object for a profile and/or PermissionSet.  In addition, please remember that ALL profiles are ALSO PermissionSets (IsOwnedByProfile=true), so you can have your queries start there and use the Parent.Name to find the profile name or other fields.

Unfortunately, one of the more important permissions - tabs - cannot be retreived this way.  A glaring hole in my opinion.  Why open some (attributes, object, field), but not others (tabs, record types, etc).  Very illogical.