Ask Search:
Nitin ParandeNitin Parande 

How to find list of Accounts a User has access to ?

Friends,

I have a requirment to create a service which takes input as a user ( userid) and the service needs to return the list of Accounts the user has access to. The user can get access to account  to all possible ways that salesforce can provide (Sharing rules, Role Hierharchies, Record Ownership, Account Team etc...).

 I looked around on AccountShare object, GroupMember, UserRecordAcess, Role  object. but could not really connect all the dots together to come up with logic to accomplish this.

USerRecordAccess has the details but you have to provide the USerid and Recordid in order to pull the records which does not fit my requirment.

Looking for any guidance.

Thanks,
Nitin Parande
Jeff MayJeff May
This Answers Community is focused on configuration and design questions. Programmatic questions are best submitted to
the developer forums at https://developer.salesforce.com where the forums and participants are geared toward programming troubleshooting and support.
Nitin ParandeNitin Parande
 Will post the question in developer forum as well. Was mostly looking for inputs  from design perspective on how Salesforce has architected the data model for this.
Amitkumar BangadAmitkumar Bangad
HI Nitin,

Functionally speaking "public with sharing" should do the trick,
https://www.salesforce.com/us/developer/docs/apexcode/Content/apex_classes_keywords_sharing.htm

The with sharing keyword allows you to specify that the sharing rules for the current user be taken into account for a class. You have to explicitly set this keyword for the class because Apex code runs in system context. In system context, Apex code has access to all objects and fields— object permissions, field-level security, sharing rules aren’t applied for the current user.

One more good read : https://developer.salesforce.com/page/Enforcing_CRUD_and_FLS


Cheers,
Amit
Doug YeagerDoug Yeager
This is a great question, and one that should be available within the UI (and not as a developer).   The logic is essentially to see what a user would see if they logged in and clicked on My Accounts, but iterating over all users.  This list can then be used to filter other data (perhaps coming from a third party system).