In API version 44, DescribeSObjectResult.getChildRelationships() checks Read Access to the child entity and parent relationship field

In API version 44, DescribeSObjectResult.getChildRelationships() checks Read Access to the child entity and parent relationship field

Apex , Winter 19

Last updated 2019-02-23 ·Reference W-5679201 ·Reported By 39 users

Fixed - Spring '19 Patch 8.0

Summary
In API version 44, DescribeSObjectResult.getChildRelationships() only returns child relationships if the running user's profile provides Read access to the corresponding child entities, and Read access to the corresponding relationship fields.

For example, if a user with a custom profile doesn't have Read access to Order, its relationship with Opportunity won't be returned by getChildRelationships(). The same issue will happen if a user with a standard profile has Read access to Order, but no access to the Opportunity lookup field.

NOTES:

1) If the critical update "Enable Improved Caching of Org Schema" (https://releasenotes.docs.salesforce.com/en-us/spring19/release-notes/rn_apex_enable_improved_schema_caching.htm) is enabled, getChildRelationships() works as explained above regardless the API version of the Apex class where this method is used.

2) If the relationship is provided via a master-detail relationship field, getChildRelationships() just checks that the running user's profile provides Read access to the child entity, as Read access to the parent master-detail field cannot be removed.

Repro
1) Create below Apex class using API version 44 or above:

public with sharing class W5679201cont {
public String debug {
get {
String d = '';
for(Schema.ChildRelationship cr : new Opportunity().getsObjectType().getDescribe().getChildRelationships())
d += cr.getChildSObject() + '<br/>';
return d;
}
}
}

2) Create below Visualforce page (name: W5679201):

<apex:page controller="W5679201cont">
<apex:outputText value="{!debug}" escape="false"/>
</apex:page>

3) Create a custom object called "Opportunity Child" with a master-detail relationship with Opportunity.

Scenario 1:
1) As a user with a standard System Administrator profile (that has Read access on Order by default), ensure FLS (field level security) on the Order entity doesn't provide access to the Opportunity lookup field.

2) Navigate to /apex/W5679201. Order is not displayed in the list of child relationships.

3) If field level security on Order is updated to provide access to the Opportunity lookup field or the API version of the Apex class is updated to 43.0 or below, then the Order child relationship will be displayed.

Scenario 2:
1) As a user with a custom profile with no Read access to "Opportunity Child", navigate to /apex/W5679201. "Opportunity_Child__c" is not displayed in the list of child relationships.

2) If Read access to "Opportunity Child" is provided or the API version of the Apex class is updated to 43.0 or below, then "Opportunity_Child__c" is not displayed in the list of child relationships.

Workaround
As explained above for each scenario.

Is it Fixed?

AP0 AP3 AP4 AP5 AP6 AP7 AP8 AP9 AP14 AP15 AP20 AP21 AP22 AP28 CS1 CS2 CS3 CS4 CS5 CS6 CS7 CS8 CS9 CS10 CS109 CS108 CS107 CS106 CS105 CS102 CS101 CS100 CS115 CS110 CS11 CS116 CS12 CS137 CS138 CS13 CS14 CS15 CS152 CS151 CS16 CS17 CS18 CS19 CS20 CS21 CS22 CS23 CS24 CS25 CS26 CS27 CS28 CS29 CS30 CS31 CS32 CS33 CS34 CS35 CS36 CS37 CS40 CS41 CS42 CS43 CS44 CS45 CS47 CS50 CS51 CS52 CS53 CS54 CS57 CS58 CS59 CS60 CS61 CS62 CS63 CS64 CS65 CS66 CS67 CS68 CS69 CS70 CS71 CS72 CS73 CS74 CS75 CS76 CS77 CS78 CS79 CS80 CS81 CS82 CS83 CS84 CS85 CS86 CS87 CS88 CS89 CS90 CS91 CS92 CS93 CS94 CS95 CS96 CS97 CS98 CS99 EU7 EU8 EU9 EU10 EU12 EU13 EU14 EU15 EU16 EU17 EU18 EU19 EU25 EU26 NA104 NA100 NA101 NA103 NA102 NA105 NA129 NA130 NA132 NA131 NA146 NA155 NA196 NA21 NA32 NA33 NA37 NA39 NA40 NA42 NA44 NA45 NA46 NA47 NA49 NA50 NA51 NA52 NA53 NA54 NA56 NA57 NA58 NA59 NA60 NA61 NA62 NA63 NA64 NA65 NA66 NA67 NA68 NA69 NA70 NA71 NA72 NA73 NA74 NA75 NA76 NA77 NA78 NA79 NA80 NA81 NA82 NA83 NA84 NA85 NA86 NA87 NA88 NA89 NA90 NA91 NA92 NA93 NA94 NA95 NA96 NA97 NA98 NA99 UM1 UM2 UM3 UM4 UM5

Any unreleased services, features, statuses, or dates referenced in this or other public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make their purchase decisions based upon features that are currently available.