It might be yesterday’s news (or, at least, it’s probably at least a month old now) that we have “Check Access” button in the model-driven apps:
This one is available from the command bar, and it allows us to check record access for any user in the system:
It can also track record sharing – for example, if the same record were shared with the test user above, that screen would have changed:
Which means this button makes it much easier to see which roles are involved, and, also, what kind of sharing has been implemented to give specific user access to that particular record.
Except that you might need a user account to do that kind of security testing, and, sometimes, it might not be available.
Don’t you worry, though. The next button has you covered:
What does it do, exactly?
It allows you to promote yourself (or, I think, any other user) to a system administrator. Even if you are not a system administrator at that time. So, the way these two buttons might work together is:
- Using “Check Access”, you can figure out which permissions you need to test
- You can assign required roles to your own user account, do record sharing as required, then remove “System Administrator” role from your account
- From there, you can do the testing, figure out what’s wrong, and use “Promote to Admin” to get your “System Administrator” role back
There is a catch, though, so don’t jump into it yet. Before you do anything else, you’ll need to make sure you have “Promote to Admin” privilege:
There is a hidden “Support User” role which has that permission, but I find it awkward working with a hidden role – instead, it might be easier to create a new role with that one permission, assign it to yourself, and, from there, you’ll be good to go. As soon as that role is associated to your user account, you can always get your “system admin” privileges back.