psforce
v1.2.0
Published
Interact with Salesforce permissions in JavaScript.
Downloads
51
Readme
OrgPermssioner
Easily interact with Salesforce permissions via Node.js
OrgPermssioner
in a javascript module that makes interacting with Salesforce org permissions a breeze.
It can be used by Salesforce ISVs and DevOps vendors for multiple use cases such as:
Find out why a user has access to a given permission
Salesforce users can be granted a specific permission, such as ViewAllData
via Profiles, Permission Sets and Permission Set Groups (and a combination of all of them).
The getUsersWithAccess
function retrives all the active users that have specific permissions enabled, and gives a breakdown of how the permissions are granted.
Here's how to use it
const conn = new jsforce.Connection();
await conn.login(...);
let permissionsToCheck = [perm1,perm2];
const result = await getUsersWithAccess({
jsforceConnection: conn,
permissionsToCheck
});
console.log(result);
The response provides a list of users who have access to ALL the permissions in the permissionsToCheck
array. For each permission, the sources
array list all the reasons that user has that permissions.
[
{
"username": "[email protected]",
"name": "pablo gonzalez",
"id": "005Wy000000uRLhIAM",
"permissions": [
{
"name": "PermissionsExportReport",
"sources": [
{
"type": "Profile",
"name": "X00ex00000018ozq_128_09_04_12_10",
"id": "00eWy0000008yPTIAY"
},
{
"type": "PermissionSetGroup",
"name": "AuthorApexAndExportData",
"id": "0PGWy0000004JFNOA2",
"sources": [
{
"type": "PermissionSet",
"name": "ExportReportPermSetB",
"id": "0PSWy000000TGNxOAO"
}
]
},
{
"type": "PermissionSet",
"name": "ExportReportPermSetB",
"id": "0PSWy000000TGNxOAO"
},
{
"type": "PermissionSet",
"name": "ExportReportPermSetA",
"id": "0PSWy000000TGMLOA4"
}
]
},
{
"name": "PermissionsAuthorApex",
"sources": [
{
"type": "PermissionSetGroup",
"name": "AuthorApexAndExportData",
"id": "0PGWy0000004JFNOA2",
"sources": [
{
"type": "PermissionSet",
"name": "ExportReportPermSetB",
"id": "0PSWy000000TGNxOAO"
}
]
},
{
"type": "PermissionSet",
"name": "AuthorApexPermSetB",
"id": "0PSWy000000TGKjOAO"
},
{
"type": "PermissionSet",
"name": "AuthorApexPermSetA",
"id": "0PSWy000000TGHVOA4"
}
]
}
]
},
{
"username": "[email protected]",
"name": "Pablo Gonzalez",
"id": "005Wy000000AcgjIAC",
"permissions": [
{
"name": "PermissionsExportReport",
"sources": [
{
"type": "PermissionSet",
"name": "ExportReportPermSetB",
"id": "0PSWy000000TGNxOAO"
},
{
"type": "PermissionSet",
"name": "ExportReportPermSetA",
"id": "0PSWy000000TGMLOA4"
},
{
"type": "Profile",
"name": "X00ex00000018ozh_128_09_04_12_1",
"id": "00eWy0000008yOpIAI"
}
]
},
{
"name": "PermissionsAuthorApex",
"sources": [
{
"type": "PermissionSet",
"name": "AuthorApexPermSetB",
"id": "0PSWy000000TGKjOAO"
},
{
"type": "PermissionSet",
"name": "AuthorApexPermSetA",
"id": "0PSWy000000TGHVOA4"
},
{
"type": "Profile",
"name": "X00ex00000018ozh_128_09_04_12_1",
"id": "00eWy0000008yOpIAI"
}
]
}
]
}
]
How it works
You must pass a jsforce connection object. How that object is created and how the authentication is established is your responsibility.
The permissionsToCheck
is a String[]
where each permission name corresponds to the permission-related fields in the PermissionSet
object. For each permission that exists in the org, a corresponding Permissions[Name]
field exists in the PermissionSet
object.
For example, the ViewAllData
and ExportReport
permissions are represented as PermissionsViewAllData
and PermissionsExportReport
respectively.
To view the entire list of fields that are permissions, use the jsforce describe operation
const metadata = await conn.sobject('PermissionSet').describe()
metadata.fields.forEach(field => {
if(field.name.startsWith('Permissions')){
console.log(field.name);
}
});