It might be yesterday’s news (or, at least, it’s probably at least a month old now) that we have “Check Access” button in the model-driven apps:
This one is available from the command bar, and it allows us to check record access for any user in the system:
It can also track record sharing – for example, if the same record were shared with the test user above, that screen would have changed:
Which means this button makes it much easier to see which roles are involved, and, also, what kind of sharing has been implemented to give specific user access to that particular record.
Sometimes, though, that might not be enough to see why the user is experiencing security errors – there could be a plugin, there could be a workflows, or there could even be a javascript that required access to something else behind the scene. And you might not see it from the screenshot above, but what you do see is how to set up a user account to do a bit more detailed testing.
Except that you might need a user account to do that kind of security testing, and, sometimes, it might not be available.
Don’t you worry, though. The next button has you covered:
What does it do, exactly?
It allows you to promote yourself (or, I think, any other user) to a system administrator. Even if you are not a system administrator at that time. So, the way these two buttons might work together is:
- Using “Check Access”, you can figure out which permissions you need to test
- You can assign required roles to your own user account, do record sharing as required, then remove “System Administrator” role from your account
- From there, you can do the testing, figure out what’s wrong, and use “Promote to Admin” to get your “System Administrator” role back
There is a catch, though, so don’t jump into it yet. Before you do anything else, you’ll need to make sure you have “Promote to Admin” privilege:
There is a hidden “Support User” role which has that permission, but I find it awkward working with a hidden role – instead, it might be easier to create a new role with that one permission, assign it to yourself, and, from there, you’ll be good to go. As soon as that role is associated to your user account, you can always get your “system admin” privileges back.
Thanks for the great post. I was not aware of these featured.
Though, I coudn’t find the Check Access button. In what screen of the app should I look for it? Can you please post a screenshot maybe?
Thanks,
Gil.
The promote to admin is a great tip!
Makes it possible to switch to a lower set of credentials…test…and jump back to admin.