Posts

Tutorial: Check field and system permissions in screen flows when using System Context using ExecuteSOQL

With the advent of System-context screen flows I can’t help but think of the famous phrase ‘With great power comes great responsibility’. When running screen flows in system context, you could inadvertently grant Read or Edit access to a critical system field to the wrong audience. Let’s say you wanted to do some cool stuff like in Jen Lee’s recent post about Community User Management, and you want to ensure the person running the flow has the ‘Manage External User’ permission. Her flow does this check using a custom permission, which is totally fine, this just checks the system permissions directly.

All of that is possible with some straightforward SOQL queries against the Permission Set Assignment object. You may or may not be aware, but the PermissionSet object actually contains Profile permissions as well so it’s a one-stop shop for getting Field and System permissions!

Run an action to check a field permission

The following example will run you through a VERY basic scenario where a Flow presents a screen to update a given field and the flow is running in System context – God mode.

  • We let the user pick an Account Rating in a basic Flow screen with a picklist radio button
  • We run the ExecuteSOQL action to check if the running user has ‘Edit’ permission for the Account Rating field.
  • For older versions of ExecuteSOQL that return an ’empty’ collection we assign the count of the results to a number field
  • We then do a decision to see if the number of permissions assigned to the user is > 0.
  • We then either show a screen that says you cant edit it or we move on with updating the field.
Flow Overview

Most of you can probably handle the beginning and end – so I’ll provide some more color on the middle part that does the permission checking.

  • You’ll want to construct your query using a Plain Text text template variable:

SELECT AssigneeId,PermissionSetId,Permissionset.Name,Permissionset.Profile.Name
FROM PermissionSetAssignment
WHERE Assignee.Id= ‘{!formulaRunningUserID}’
AND PermissionSetId in (Select ParentId from FieldPermissions where SobjectType = ‘Account’ and Field = ‘Account.Rating’ and PermissionsEdit = true)

*WARNING* If you make any edits to the text template variable, a Flow bug will revert the template back to rich text and it will break the action! Make sure you revert it to Plain Text after every edit.

  • Next up is to make the ExecuteSOQL action:
  • Here’s an example result from the action above that returns the permission granted by the System Admin profile when run as myself.
  • (For older versions of ExecuteSOQL only) You’ll then want to assign the results to a number since older versions of ExecuteSOQL return an empty collection if no results are found. Make sure you set the default value to 0 when making the variable.
  • Use an ISNULL check if you’re using the latest and greatest.
  • Create your decision and you’re done!

Checking multiple fields

You could of course extend this to multiple fields in one query by modifying the SOQL query, for example:

SELECT AssigneeId,PermissionSetId,Permissionset.Name,Permissionset.Profile.Name
FROM PermissionSetAssignment
WHERE Assignee.Id= ‘0051I000000UB4LQAW’
AND PermissionSetId in (Select ParentId from FieldPermissions where SobjectType = ‘Account’ and
Field in (‘Account.Rating’,’Account.Type’) and PermissionsEdit = true)

System permission checks

You can also check for specific system permissions! Let’s say you wanted a Flow embedded on the Case layout that manages the Contact’s community user record. The query below could be used to check if the user handling the case has permissions to manage the external user account:

SELECT AssigneeId,PermissionSetId,Permissionset.Name,Permissionset.Profile.Name
FROM PermissionSetAssignment
WHERE Assignee.Id= ‘{!formulaRunningUserId}’ AND PermissionSetId in (Select Id from PermissionSet where PermissionsManagePartners = true)

How to use ISCHANGED and PRIORVALUE in Before Save Flows by GORAV SETH

GORAV SETH demonstrates how you can use ISCHANGED and PRIORVALUE in Before Save Flows
Check it out

A Flow Screen Component that plays sounds

Created by Yumi Ibrahimzade

ABOUT
This is a Lightning Component that plays a sound effect.
It can be used on Flow Screens and Lightning Pages.
In order to play a sound, you have to upload the sound file as a Static Resource and then enter the name of the file to the “Sound File” parameter.

INSTALLATION

PARAMETERS
Sound File – Enter the name of the sound file.

CONSIDERATIONS
This component loads the sound file from Static Resources and plays it. So it is recommended to use smaller file sizes, otherwise it might take some time to load the file.

HOW TO USE
1- Upload the sound file as a Static Resource.

2- Add “SoundCMP” to your Flow Screen.
3- Enter the name of the sound file to the parameter called “Sound File”.

Custom Logging in Flows

Have you ever wanted to add your own logging to your flows? I’m not talking about the system logs, but rather creating your own log entries at specific places in your flow.
I’ve had a couple of instances, where I could really use this. Both for debugging as well as simply tracing whether an auto-launched flow has executed.
After having reinvented the wheel a few times, I got tired of it and decided to create something that is more reusable, and it has proven its value already more than once.

What I’ve done is this… I’ve created a custom object, a number of flows and a few tools to manage it all. You can add this flow as a subflow to any of your own flows. This step will create a new record in the custom object on which you can report.

This Quip document contains all the details and the link to the managed package.

Flow Log Step Settings

Update N Records in Flow Without a Loop by Jessie Rymph

Jessie Rymph from the blog https://unhandledsunshine.com/ has published a post showcasing two new invocable actions available on this site showing how to Update N Records in Flow Without a Loop

Launch a flow from a formula field

The first post in a new series on the Salesforce admin blog demonstrates a novel way to launch auoto-launched flows from a formula field on a report. This has several very interesting use cases
Check it out

Flow Use Case – New Task Button with picklist for selecting the record type

When our org migrated to Lightning, we were faced with an interesting issue: we had many task record types and in order to enable our end users to create tasks from the activity composer, we had to create a different quick action for each task record type. The result wasn’t pretty

Too many tabs

Our users wanted a simple button where they could create a task with one click and be able to select the task record type.
When I set out to build the solution, I started by using a Get Records element to query the record type object but soon realized that I can’t filter this list based on the record types available to the current user.

I was able to provide a nice solution using the new invocable action and quickChoice component found here on this site. I used the Get Record Type Info by Object action to generate a list of record types available to the current user. Then I fed the record type labels and Ids into the Quick Choice component. Finally I created the task and used the Navigate to Record action to open the new task in edit mode.

Get the available record types
You need to check this box to store the output value
The new task Id is fed into this action
And this is the completed flow
Here is the end user experience

Preventing duplicate junction object records by GORAV SETH

GORAV SETH demonstrates how you can use the new flow before save trigger combined with duplicate rules to prevent creation of duplicate junction object records.
Check it out

Get Record Type Info by Object – Flow Action

This action can be used to generate a list of record types for a specific object. This can be useful when you would like to present a record type selector to the user. Can be used as inputs to the QuickChoice managed package by setting Input Mode to “Dual String Collections”. Pass in one output collection for Labels and one for the underlying values

Inputs

AttributeTypeDescription
Object NameStringAPI name of the target object example “Task” or “MyObject__c”
ignoreMasterRecordTypeBooleanIf “on” then “Master” will not be added to the list of record types
onlyReturnActiveRecordTypesBooleanIf “on” then only active record types will be added to the list
onlyReturnRecordTypesAvailableToCurrentUserBooleanIf “on” then only record types available to the current user will be returned

Outputs

AttributeTypeDescription
errorsStringcaptures details of any error that occurred
recordTypeIdsStringIds of the records types.
recordTypeNamesStringNames of the record types.

Installation

Install this action as part of the QuickChoice managed package or as a standalone package.

Source

How to create a Map collection in Flows by Narender Singh

Narender Singh form ForcePanda wrote a two blog series about using map collections in flows. The second blog makes good use of the new generic sObject support in flows coming in the Spring ’20 release

Part 1: https://forcepanda.wordpress.com/2019/12/17/how-to-create-a-map-collection-in-flows-part-1/

Part 2: https://forcepanda.wordpress.com/2019/12/18/how-to-create-a-map-collection-in-flows-part-2flow-map-methods-spring20delight/