psforce
v1.2.2
Published
Interact with Salesforce permissions in JavaScript.
Readme
OrgPermssioner
Easily interact with Salesforce permissions via Node.js
OrgPermssioner in a javascript module that makes interacting with Salesforce org permissions a breeze.
It can be used by Salesforce ISVs and DevOps vendors for multiple use cases such as:
Find out why a user has access to a given permission
Salesforce users can be granted a specific permission, such as ViewAllData via Profiles, Permission Sets and Permission Set Groups (and a combination of all of them).
The getUsersWithAccess function retrives all the active users that have specific permissions enabled, and gives a breakdown of how the permissions are granted.
Here's how to use it
const conn = new jsforce.Connection();
await conn.login(...);
let permissionsToCheck = [perm1,perm2];
const result = await getUsersWithAccess({
jsforceConnection: conn,
permissionsToCheck
});
console.log(result);The response provides a list of users who have access to ALL the permissions in the permissionsToCheck array. For each permission, the sources array list all the reasons that user has that permissions.
[
{
"username": "[email protected]",
"name": "pablo gonzalez",
"id": "005Wy000000uRLhIAM",
"permissions": [
{
"name": "PermissionsExportReport",
"sources": [
{
"type": "Profile",
"name": "X00ex00000018ozq_128_09_04_12_10",
"id": "00eWy0000008yPTIAY"
},
{
"type": "PermissionSetGroup",
"name": "AuthorApexAndExportData",
"id": "0PGWy0000004JFNOA2",
"sources": [
{
"type": "PermissionSet",
"name": "ExportReportPermSetB",
"id": "0PSWy000000TGNxOAO"
}
]
},
{
"type": "PermissionSet",
"name": "ExportReportPermSetB",
"id": "0PSWy000000TGNxOAO"
},
{
"type": "PermissionSet",
"name": "ExportReportPermSetA",
"id": "0PSWy000000TGMLOA4"
}
]
},
{
"name": "PermissionsAuthorApex",
"sources": [
{
"type": "PermissionSetGroup",
"name": "AuthorApexAndExportData",
"id": "0PGWy0000004JFNOA2",
"sources": [
{
"type": "PermissionSet",
"name": "ExportReportPermSetB",
"id": "0PSWy000000TGNxOAO"
}
]
},
{
"type": "PermissionSet",
"name": "AuthorApexPermSetB",
"id": "0PSWy000000TGKjOAO"
},
{
"type": "PermissionSet",
"name": "AuthorApexPermSetA",
"id": "0PSWy000000TGHVOA4"
}
]
}
]
},
{
"username": "[email protected]",
"name": "Pablo Gonzalez",
"id": "005Wy000000AcgjIAC",
"permissions": [
{
"name": "PermissionsExportReport",
"sources": [
{
"type": "PermissionSet",
"name": "ExportReportPermSetB",
"id": "0PSWy000000TGNxOAO"
},
{
"type": "PermissionSet",
"name": "ExportReportPermSetA",
"id": "0PSWy000000TGMLOA4"
},
{
"type": "Profile",
"name": "X00ex00000018ozh_128_09_04_12_1",
"id": "00eWy0000008yOpIAI"
}
]
},
{
"name": "PermissionsAuthorApex",
"sources": [
{
"type": "PermissionSet",
"name": "AuthorApexPermSetB",
"id": "0PSWy000000TGKjOAO"
},
{
"type": "PermissionSet",
"name": "AuthorApexPermSetA",
"id": "0PSWy000000TGHVOA4"
},
{
"type": "Profile",
"name": "X00ex00000018ozh_128_09_04_12_1",
"id": "00eWy0000008yOpIAI"
}
]
}
]
}
]How it works
You must pass a jsforce connection object. How that object is created and how the authentication is established is your responsibility.
The permissionsToCheck is a String[] where each permission name corresponds to the permission-related fields in the PermissionSet object. For each permission that exists in the org, a corresponding Permissions[Name] field exists in the PermissionSet object.
For example, the ViewAllData and ExportReport permissions are represented as PermissionsViewAllData and PermissionsExportReport respectively.
To view the entire list of fields that are permissions, use the jsforce describe operation
const metadata = await conn.sobject('PermissionSet').describe()
metadata.fields.forEach(field => {
if(field.name.startsWith('Permissions')){
console.log(field.name);
}
});