If you have to support a Salesforce org, you will undoubtedly be faced with this question eventually. Why can’t a Salesforce user delete a certain record?
Most people will understandably think of permissions. These are not the only things to consider. There is also Record Sharing. If you want to learn more about that, I suggest you check out this post about Record Sharing.
Salesforce security is multi-layered and rarely enforced by only one of those levels. They work together to restrict and then open up access. You might want to check out the Salesforce Certified Sharing and Visibility Designer Skill Path on Pluralsight that covers all the layers.
Now, back to how to determine user record access. A simple SOQL query can tell you the answer. You can run this query in VS Code’s SOQL Builder or the Query Editor in Developer Console.
SELECT RecordId, HasEditAccess, HasDeleteAccess FROM UserRecordAccess WHERE UserId = [18 digit User ID] AND RecordId = [Record ID user trying to delete]
This query will tell you right away whether a user can edit and/or delete a certain record. NOTE: Edit and Delete access are not the same thing. As far as how to get the Id’s and run the query, use the following three steps.
Step 1: Get the UserId
To get the UserID, just go to Setup and Users. Click on the User record you are interested in. Select a portion of the ID that happens right after the address=%2F portion of the URL. It should start with 005. This is the UserID you can use in the query.
Step 2: Get the RecordId
The next thing you need is the RecordId, which in this case is for a Contact record. We can do that by accessing the Contact record in Salesforce and then selecting the portion of the ID in the URL that starts with 003. Go here to learn more about locating ID’s in the URL for Salesforce.
Step 3: Run the Query
You can access Developer Console by clicking the Gear icon in Salesforce and clicking Developer Console. This brings up a new window. From the Query tab, you can type in your query using the ID’s gathered in the first two steps. Click Execute to run the query.
This is what the final query will look like, which returns false for both edit and delete access.
SELECT RecordId, HasEditAccess, HasDeleteAccess FROM UserRecordAccess WHERE UserId = '005d0000002rqaS' AND RecordId = '003d000002ScEwPAAV'
Since this user is not the record owner, by default Salesforce does not allow other users to access the record.
Hope this Tip helps you. If you like this and want to learn more about Record Access in particular, check out this course about Record Sharing.