Question:
How to query user field permissions and the source of that permission in Veeva CRM?
Answer:
The following SOQL query based on the FieldPermissions table is very useful in determining user permission and the source of those permissions:
SELECT Field, Parent.Label, Parent.Profile.Name, PermissionsEdit, PermissionsRead, SobjectType
FROM FieldPermissions
WHERE ParentId in (SELECT PermissionSetId FROM PermissionSetAssignment WHERE Assignee.ID = '<User ID>')
AND Field In ('<Object API name>.<Field API name>')
Example:
To query the Call_Date_vod__c field on the Call object, the query and the result is displayed as shown in Workbench:
Field accesses specifically to users can also be checked via the UserFieldAccess table:
- Get the DurableId of the field by the query below:
SELECT DurableId
FROM UserFieldAccess
WHERE FieldDefinition.EntityDefinition.QualifiedApiName='<Object API name>'
AND FieldDefinition.QualifiedApiName='<Field API name>'
AND User.Id='<userId for the user you want to check field access for>' - Use the unique DurableId returned above to query UserFieldAccess.
SELECT DurableId,EntityDefinitionId,FieldDefinitionId,Id,IsAccessible,IsCreatable,IsUpdatable,UserId
FROM UserFieldAccess
WHERE DurableId = '<DurableId returned in query 1>'
Example for the Account.Name field:
Note: DurableId is a unique identifier for the field. Retrieve this value before using it, as the value is not guaranteed to stay the same from one release to the next.
Related Documentation:
N/A