Most often Salesforce admins and developers tend to spend lot of time figuring out fields level security on multiple objects and fields and such process is time consuming in nature.

The following code is an attempt to extract FLS for a given object and for profile.

Step 1: Creation of batch class with Parameterized Constructor, SOQL query can be passed as string to the constructor.

//Batch Class For creating csv from query string and create file in predefined folder
global class BAT_FSCextract implements Database.Batchable<sObject>, Database.Stateful {
    public String query;  
    global String attachmentHeader;
    global List<String> csvRowValues = new List<String>();

    global BAT_FSCextract (String query){
        this.query = query;
    }

    global Database.QueryLocator start(Database.BatchableContext BC){
        return Database.getQueryLocator(query);
    }
   
    global void execute(Database.BatchableContext BC, List<sObject> scope){
        
        //Retrieved Records from the FieldPermissions (order: Name, Sobject Type, PermissionsRead, PermissionsEdit)
        for(FieldPermissions  currFieldPermissions : (List<FieldPermissions >) scope){
            String Field = currFieldPermissions.Field;
            String SObjectType = currFieldPermissions.SObjectType;
            Boolean PermissionsRead = currFieldPermissions.PermissionsRead;
            Boolean PermissionsEdit  = currFieldPermissions.PermissionsEdit;
           
            String rowStr = Field + ',' + SObjectType + ',' + PermissionsRead + ',' + PermissionsEdit;
            csvRowValues.add(rowStr);
        }
    }
   
    global void finish(Database.BatchableContext BC){
        List<Folder> folders = [SELECT Id, Name FROM Folder WHERE Name = 'FSC_log'];
       
        if(!folders.isEmpty()){
            String documentName = 'FieldLevel Security-'+ Datetime.now().format('MMM') + Datetime.now().year();
            attachmentHeader = 'FieldName, Object Name, Read, Edit\n';
            String csvFile = attachmentHeader + String.join(csvRowValues,'\n');
           
            // Insert the generated CSV file in Document object under "Setup Audit Trail Logs".
            Document doc = new Document(Name = documentName, Body = Blob.valueOf(csvFile), FolderId = folders[0].Id, Type = 'csv', ContentType='application/vnd.ms-excel');
            insert doc;
        }
    }
}

Step 2. Construct SOQL query for the given profile and object, in this case it is System Admin profile and the Account object.

//String to be used in query
String queryToPass ='SELECT Field, SObjectType, PermissionsRead, PermissionsEdit FROM FieldPermissions WHERE parentId IN ( SELECT id FROM permissionset WHERE PermissionSet.Profile.Name = 'System Administrator' AND IsOwnedByProfile = true) AND SObjectType = 'Account' ORDER BY Field ASC';

Step 3. Execute the batch from any possible way, here code block is executed from anonymous execution block


//Call the batch
Id batchJobId = Database.executeBatch(new BAT_FSCextract(queryTopass));

There can be multiple extension this solution, for example ….
1. Run on schedule based or create UI elements to allow business users/sys admins to get ad hoc reports for FLS.
2. Schedule this every day and create deltas using server side applications.
which can look into the excel/csv files.
3. Merge files for different Objects and Different Profiles, same as use case mentioned in https://www.bofc.io/ app exchange application but it needs considerable amount of efforts to get there.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: