Debugging Record Visibility in Salesforce

 

Debugging Record Visibility in Salesforce

Here's a comprehensive guide to debug why a record is not visible to a user:

1. Check Object-Level Security (OLS)

Profile & Permission Sets

  • Go to Setup → Profiles → find the user's profile → check if the object has at least "Read" access
  • Check all Permission Sets assigned to the user for object access
  • Use Setup → Permission Set Groups if applicable
Setup → Users → [User] → Permission Set Assignments
Setup → Profiles → [Profile] → Object Settings → [Object]

2. Check Field-Level Security (FLS)

Even if the record is visible, key fields might be hidden:

  • Setup → Profiles → [Profile] → Field-Level Security → [Object]
  • Or use Setup → Object Manager → [Object] → Fields → [Field] → Set Field-Level Security

3. Check Record-Level Access (Sharing)

This is the most common culprit. Use the "Why Can't I See This Record?" tool or manual checks:

A. Use the Record Access Checker (Best Tool)

Setup → Sharing Settings → [Object] → (or directly on the record)
Record Detail Page → Sharing Button → View All Users with Access

B. Check OWD (Org-Wide Defaults)

Setup → Sharing Settings → Org-Wide Defaults
  • If OWD = Private → user needs explicit sharing
  • If OWD = Public Read Only / Read Write → all users can see it

C. Role Hierarchy

  • Does the user's role sit above the record owner's role?
  • Setup → Roles → verify hierarchy

D. Sharing Rules

  • Setup → Sharing Settings → [Object] → Sharing Rules
  • Check if any rule grants access to the user's role/group/territory

E. Manual Sharing

  • On the record → Sharing button → check if user or their group has access

F. Teams (Account/Opportunity/Case Teams)

  • Is the user part of the record's team?

4. Use the Salesforce Debug Tools

A. "Why Can't I See This Record?" Tool

Available in Lightning:

Setup → Users → [User] → Login → Navigate to Record → Check Access

B. Record Access API (SOQL)

sql
-- Check if user has access to a specific record
SELECT RecordId, HasReadAccess, HasEditAccess, HasDeleteAccess
FROM UserRecordAccess
WHERE UserId = '[UserId]'
AND RecordId = '[RecordId]'

C. SOQL for Sharing Table

sql
-- Example for Account sharing
SELECT Id, AccountId, UserOrGroupId, AccountAccessLevel, RowCause
FROM AccountShare
WHERE AccountId = '[RecordId]'

5. Check List View / Report Filters

The record might exist but be filtered out:

  • Is the List View scoped to "My Records" instead of "All Records"?
  • Check list view filters and sharing settings
  • In reports, check report type, filters, and row-level access

6. Check Record Type Visibility

  • Setup → Profiles → [Profile] → Record Types
  • If the record's Record Type is not assigned to the user's profile, it may not be visible in certain views

7. Territory Management (if enabled)

  • Is the user assigned to the territory that owns the record?
  • Setup → Territory Management → Territories → [Territory] → Assigned Users

8. Communities / Experience Cloud (if applicable)

  • Is the user an External/Community user? They have extra restrictions
  • Check Sharing Sets and Share Groups for community users
  • Verify the object is available in the community

9. Check if Record is Active / Not Deleted

sql
-- Check if record exists and is not deleted
SELECT Id, Name, IsDeleted FROM Account WHERE Id = '[RecordId]' ALL ROWS
  • Record might be in the Recycle Bin

10. Apex Managed Sharing

If custom code controls sharing:

  • Search for Database.Insert on [Object]Share records in Apex
  • Check if a trigger or batch job is supposed to create sharing rows but failed
sql
-- Check custom sharing rows
SELECT Id, ParentId, UserOrGroupId, AccessLevel, RowCause
FROM [Object]__Share
WHERE ParentId = '[RecordId]'

Quick Debug Checklist

LayerWhat to Check
OLS       Profile/Permission Set → Object = Read
FLS       Profile/Permission Set → Fields visible
OWD       Private / Public?
Role Hierarchy       User role above owner?
Sharing Rules       Criteria/ownership-based rules
Manual Sharing       Sharing button on record
Record Type       Assigned to profile?
List View Filter       Scoped to "All" not "Mine"?
Deleted?       Query with ALL ROWS
Territory       User in correct territory?

Comments

Post a Comment

Popular posts from this blog

Multi currency in Salesforce - Revenue Cloud Advance - Revenue Lifecycle Management

Image
  We need to follow some steps to enable and configure Multicurrency in salesfroce 1. Enabling Multicurrency        Setup -> Company Information -> Edit -> Activate Multiple Currencies (Check this check box).       Note : Once Multicurrency is enabled we con't disable it. 2. See all the available New Currencies    Setup -> Company Information -> Currency Setup (button) as shown in the image below. 3.  How to Create Multiple Currencies in Salesforce   Setup  -> Company Information -> Currency Setup -> New    As shown in the image below, we can create new Currencies.  4. How to use Multiple Currencies in Opportunity Creation.   Note : If you enable Multy-currency then In the opportunity(Object), "Opportunity Currency" (field) is mandatory to create an opportunity. 5. How to use Multi-currency in Quote Note:  1. If you gave currency for opportunity as EUR, and in quot...
Read more

How to get sessionid and salesforce org base url in salesforce

 old : string getSessionId=UserInfo.getOrganizationId().substring(0, 15) + ' ' +  UserInfo.getSessionId().substring(15); string loginUrl=URL.getSalesforceBaseUrl().toExternalForm()+'/secur/frontdoor.jsp?sid='+getSessionId; System.debug('>>>>>>>DEBUG>>>>>>>>>>>'+loginUrl); =========================================== new 12-6-2024 1. string getSessionId=UserInfo.getOrganizationId().substring(0, 15) + ' ' +  UserInfo.getSessionId().substring(15); string loginUrl='/secur/frontdoor.jsp?sid='+getSessionId; System.debug('>>>>>>>DEBUG>>>>>>>>>>>'+loginUrl); 2. ofter domain we need to add step1 output then we get full url for login using sessionid in salesforce. =========================================================== 1 : domain: 2 : add url : / secur/frontdoor.jsp?sid= 3: org id: 00D6u0000004Y50 4. session: 5. sessio id means : org ...
Read more