Can community user query internal users of salesforce
up vote
5
down vote
favorite
I am running a trigger whenever a contact is edited. In trigger I am querying user
[Select id from user]
I am getting all the users when trigger in run in any internal user context. But when same trigger is run in community user context I am getting only community member. Is this known behaviour or I am doing something wrong. Is there any Knowledge article for this?
I have found a similar question here :-
Can community users reference internal users in Chatter?
apex soql community user-record
asked Nov 9 at 10:46
Manjot Singh
2,180521
add a comment |
up vote
5
down vote
favorite
I am running a trigger whenever a contact is edited. In trigger I am querying user
[Select id from user]
I am getting all the users when trigger in run in any internal user context. But when same trigger is run in community user context I am getting only community member. Is this known behaviour or I am doing something wrong. Is there any Knowledge article for this?
I have found a similar question here :-
Can community users reference internal users in Chatter?
apex soql community user-record
asked Nov 9 at 10:46
Manjot Singh
2,180521
add a comment |
up vote
5
down vote
favorite
up vote
5
down vote
favorite
I am running a trigger whenever a contact is edited. In trigger I am querying user
[Select id from user]
I am getting all the users when trigger in run in any internal user context. But when same trigger is run in community user context I am getting only community member. Is this known behaviour or I am doing something wrong. Is there any Knowledge article for this?
I have found a similar question here :-
Can community users reference internal users in Chatter?
apex soql community user-record
asked Nov 9 at 10:46
Manjot Singh
2,180521
I am running a trigger whenever a contact is edited. In trigger I am querying user
[Select id from user]
I am getting all the users when trigger in run in any internal user context. But when same trigger is run in community user context I am getting only community member. Is this known behaviour or I am doing something wrong. Is there any Knowledge article for this?
I have found a similar question here :-
Can community users reference internal users in Chatter?
apex soql community user-record
apex soql community user-record
asked Nov 9 at 10:46
Manjot Singh
2,180521
asked Nov 9 at 10:46
Manjot Singh
2,180521
asked Nov 9 at 10:46
Manjot Singh
2,180521
asked Nov 9 at 10:46
Manjot Singh
2,180521
asked Nov 9 at 10:46
Manjot Singh
2,180521
2,180521
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
up vote
4
down vote
accepted
You can refer Determine User Visibility in Your Community
User sharing lets you decide whether all users in a community are visible to each other.
User sharing for external users is turned on by default when you enable Communities. This setting applies to all communities in your organization.
The default setting allows an external user to see other external users under the same account and users in common communities. You can change the organization-wide default for Users to make your communities more restrictive or open, depending on your use case.
If the you deselect Community User Visibility, external users can’t see each other. For example, John and Sally are external users. John can’t:
- Search for Sally
- Find Sally in the community People tab, even if Sally is a member of the community
- Add Sally to a group
- Share a file or record with Sally
If John and Sally are members of the same group or share the same record, then they can see each other’s conversations and updates within the group or on the record, but nowhere else.
If Sally belongs to the same account as John, and John has delegated external user administration privileges, then John can see Sally. Delegated External User Administration takes priority over user sharing.
So, your SOQL query returns the list of users based on above mentioned settings.
answered Nov 9 at 11:06
Santanu Boral
30.1k52152
1
thanks @Santanu
– Manjot Singh
Nov 9 at 12:13
add a comment |
up vote
2
down vote
Check the OWD for user object in sharing setting. It will be public read/only for Internal and private for external.
That means, Internal users can querry all users whereas community user can only access user which are shared to them via sharing rule or manual sharing.
I am against providing read access of any Internal user to external user as I have seen they will be able to mention any internal users on chatter. Which can be bit spammy most of the times.
The best solution is to use without sharing keyword so that they can only access Internal user in code and thus minimizing the privacy of internal users in chatter.
answered Nov 9 at 11:34
Pranay Jaiswal
12.9k32251
Thanks Pranay for your help
– Manjot Singh
Nov 9 at 12:26
1
Be VERY CAREFUL usingwithout sharingon Communities code as you don't want to expose a data leak (I have seen this happen in production solutions). The correct approach is to make your Apex controllers (of both Lightning and Visualforce)with sharing. If it needs to make decisions based on data unavailable to the user, it can call awithout sharinghelper class that accesses the privileged data, executes the business logic required from it, and returns the outcome of that logic to the controller.
– Charles T
Nov 9 at 13:16
Yes I am not using Without sharing keyword I am just going to add some users in community for now. @CharlesT
– Manjot Singh
Nov 9 at 14:01
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "459"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f238855%2fcan-community-user-query-internal-users-of-salesforce%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
4
down vote
accepted
You can refer Determine User Visibility in Your Community
User sharing lets you decide whether all users in a community are visible to each other.
User sharing for external users is turned on by default when you enable Communities. This setting applies to all communities in your organization.
The default setting allows an external user to see other external users under the same account and users in common communities. You can change the organization-wide default for Users to make your communities more restrictive or open, depending on your use case.
If the you deselect Community User Visibility, external users can’t see each other. For example, John and Sally are external users. John can’t:
- Search for Sally
- Find Sally in the community People tab, even if Sally is a member of the community
- Add Sally to a group
- Share a file or record with Sally
If John and Sally are members of the same group or share the same record, then they can see each other’s conversations and updates within the group or on the record, but nowhere else.
If Sally belongs to the same account as John, and John has delegated external user administration privileges, then John can see Sally. Delegated External User Administration takes priority over user sharing.
So, your SOQL query returns the list of users based on above mentioned settings.
answered Nov 9 at 11:06
Santanu Boral
30.1k52152
1
thanks @Santanu
– Manjot Singh
Nov 9 at 12:13
add a comment |
up vote
4
down vote
accepted
You can refer Determine User Visibility in Your Community
User sharing lets you decide whether all users in a community are visible to each other.
User sharing for external users is turned on by default when you enable Communities. This setting applies to all communities in your organization.
The default setting allows an external user to see other external users under the same account and users in common communities. You can change the organization-wide default for Users to make your communities more restrictive or open, depending on your use case.
If the you deselect Community User Visibility, external users can’t see each other. For example, John and Sally are external users. John can’t:
- Search for Sally
- Find Sally in the community People tab, even if Sally is a member of the community
- Add Sally to a group
- Share a file or record with Sally
If John and Sally are members of the same group or share the same record, then they can see each other’s conversations and updates within the group or on the record, but nowhere else.
If Sally belongs to the same account as John, and John has delegated external user administration privileges, then John can see Sally. Delegated External User Administration takes priority over user sharing.
So, your SOQL query returns the list of users based on above mentioned settings.
answered Nov 9 at 11:06
Santanu Boral
30.1k52152
1
thanks @Santanu
– Manjot Singh
Nov 9 at 12:13
add a comment |
up vote
4
down vote
accepted
up vote
4
down vote
accepted
You can refer Determine User Visibility in Your Community
User sharing lets you decide whether all users in a community are visible to each other.
User sharing for external users is turned on by default when you enable Communities. This setting applies to all communities in your organization.
The default setting allows an external user to see other external users under the same account and users in common communities. You can change the organization-wide default for Users to make your communities more restrictive or open, depending on your use case.
If the you deselect Community User Visibility, external users can’t see each other. For example, John and Sally are external users. John can’t:
- Search for Sally
- Find Sally in the community People tab, even if Sally is a member of the community
- Add Sally to a group
- Share a file or record with Sally
If John and Sally are members of the same group or share the same record, then they can see each other’s conversations and updates within the group or on the record, but nowhere else.
If Sally belongs to the same account as John, and John has delegated external user administration privileges, then John can see Sally. Delegated External User Administration takes priority over user sharing.
So, your SOQL query returns the list of users based on above mentioned settings.
answered Nov 9 at 11:06
Santanu Boral
30.1k52152
You can refer Determine User Visibility in Your Community
User sharing lets you decide whether all users in a community are visible to each other.
User sharing for external users is turned on by default when you enable Communities. This setting applies to all communities in your organization.
The default setting allows an external user to see other external users under the same account and users in common communities. You can change the organization-wide default for Users to make your communities more restrictive or open, depending on your use case.
If the you deselect Community User Visibility, external users can’t see each other. For example, John and Sally are external users. John can’t:
- Search for Sally
- Find Sally in the community People tab, even if Sally is a member of the community
- Add Sally to a group
- Share a file or record with Sally
If John and Sally are members of the same group or share the same record, then they can see each other’s conversations and updates within the group or on the record, but nowhere else.
If Sally belongs to the same account as John, and John has delegated external user administration privileges, then John can see Sally. Delegated External User Administration takes priority over user sharing.
So, your SOQL query returns the list of users based on above mentioned settings.
answered Nov 9 at 11:06
Santanu Boral
30.1k52152
answered Nov 9 at 11:06
Santanu Boral
30.1k52152
answered Nov 9 at 11:06
Santanu Boral
30.1k52152
answered Nov 9 at 11:06
Santanu Boral
30.1k52152
30.1k52152
1
thanks @Santanu
– Manjot Singh
Nov 9 at 12:13
add a comment |
1
thanks @Santanu
– Manjot Singh
Nov 9 at 12:13
1
1
thanks @Santanu
– Manjot Singh
Nov 9 at 12:13
thanks @Santanu
– Manjot Singh
Nov 9 at 12:13
add a comment |
up vote
2
down vote
Check the OWD for user object in sharing setting. It will be public read/only for Internal and private for external.
That means, Internal users can querry all users whereas community user can only access user which are shared to them via sharing rule or manual sharing.
I am against providing read access of any Internal user to external user as I have seen they will be able to mention any internal users on chatter. Which can be bit spammy most of the times.
The best solution is to use without sharing keyword so that they can only access Internal user in code and thus minimizing the privacy of internal users in chatter.
answered Nov 9 at 11:34
Pranay Jaiswal
12.9k32251
Thanks Pranay for your help
– Manjot Singh
Nov 9 at 12:26
1
Be VERY CAREFUL usingwithout sharingon Communities code as you don't want to expose a data leak (I have seen this happen in production solutions). The correct approach is to make your Apex controllers (of both Lightning and Visualforce)with sharing. If it needs to make decisions based on data unavailable to the user, it can call awithout sharinghelper class that accesses the privileged data, executes the business logic required from it, and returns the outcome of that logic to the controller.
– Charles T
Nov 9 at 13:16
Yes I am not using Without sharing keyword I am just going to add some users in community for now. @CharlesT
– Manjot Singh
Nov 9 at 14:01
add a comment |
up vote
2
down vote
Check the OWD for user object in sharing setting. It will be public read/only for Internal and private for external.
That means, Internal users can querry all users whereas community user can only access user which are shared to them via sharing rule or manual sharing.
I am against providing read access of any Internal user to external user as I have seen they will be able to mention any internal users on chatter. Which can be bit spammy most of the times.
The best solution is to use without sharing keyword so that they can only access Internal user in code and thus minimizing the privacy of internal users in chatter.
answered Nov 9 at 11:34
Pranay Jaiswal
12.9k32251
Thanks Pranay for your help
– Manjot Singh
Nov 9 at 12:26
1
Be VERY CAREFUL usingwithout sharingon Communities code as you don't want to expose a data leak (I have seen this happen in production solutions). The correct approach is to make your Apex controllers (of both Lightning and Visualforce)with sharing. If it needs to make decisions based on data unavailable to the user, it can call awithout sharinghelper class that accesses the privileged data, executes the business logic required from it, and returns the outcome of that logic to the controller.
– Charles T
Nov 9 at 13:16
Yes I am not using Without sharing keyword I am just going to add some users in community for now. @CharlesT
– Manjot Singh
Nov 9 at 14:01
add a comment |
up vote
2
down vote
up vote
2
down vote
Check the OWD for user object in sharing setting. It will be public read/only for Internal and private for external.
That means, Internal users can querry all users whereas community user can only access user which are shared to them via sharing rule or manual sharing.
I am against providing read access of any Internal user to external user as I have seen they will be able to mention any internal users on chatter. Which can be bit spammy most of the times.
The best solution is to use without sharing keyword so that they can only access Internal user in code and thus minimizing the privacy of internal users in chatter.
answered Nov 9 at 11:34
Pranay Jaiswal
12.9k32251
Check the OWD for user object in sharing setting. It will be public read/only for Internal and private for external.
That means, Internal users can querry all users whereas community user can only access user which are shared to them via sharing rule or manual sharing.
I am against providing read access of any Internal user to external user as I have seen they will be able to mention any internal users on chatter. Which can be bit spammy most of the times.
The best solution is to use without sharing keyword so that they can only access Internal user in code and thus minimizing the privacy of internal users in chatter.
answered Nov 9 at 11:34
Pranay Jaiswal
12.9k32251
answered Nov 9 at 11:34
Pranay Jaiswal
12.9k32251
answered Nov 9 at 11:34
Pranay Jaiswal
12.9k32251
answered Nov 9 at 11:34
Pranay Jaiswal
12.9k32251
12.9k32251
Thanks Pranay for your help
– Manjot Singh
Nov 9 at 12:26
1
Be VERY CAREFUL usingwithout sharingon Communities code as you don't want to expose a data leak (I have seen this happen in production solutions). The correct approach is to make your Apex controllers (of both Lightning and Visualforce)with sharing. If it needs to make decisions based on data unavailable to the user, it can call awithout sharinghelper class that accesses the privileged data, executes the business logic required from it, and returns the outcome of that logic to the controller.
– Charles T
Nov 9 at 13:16
Yes I am not using Without sharing keyword I am just going to add some users in community for now. @CharlesT
– Manjot Singh
Nov 9 at 14:01
add a comment |
Thanks Pranay for your help
– Manjot Singh
Nov 9 at 12:26
1
Be VERY CAREFUL usingwithout sharingon Communities code as you don't want to expose a data leak (I have seen this happen in production solutions). The correct approach is to make your Apex controllers (of both Lightning and Visualforce)with sharing. If it needs to make decisions based on data unavailable to the user, it can call awithout sharinghelper class that accesses the privileged data, executes the business logic required from it, and returns the outcome of that logic to the controller.
– Charles T
Nov 9 at 13:16
Yes I am not using Without sharing keyword I am just going to add some users in community for now. @CharlesT
– Manjot Singh
Nov 9 at 14:01
Thanks Pranay for your help
– Manjot Singh
Nov 9 at 12:26
Thanks Pranay for your help
– Manjot Singh
Nov 9 at 12:26
1
1
Be VERY CAREFUL using
without sharing on Communities code as you don't want to expose a data leak (I have seen this happen in production solutions). The correct approach is to make your Apex controllers (of both Lightning and Visualforce) with sharing. If it needs to make decisions based on data unavailable to the user, it can call a without sharing helper class that accesses the privileged data, executes the business logic required from it, and returns the outcome of that logic to the controller.– Charles T
Nov 9 at 13:16
Be VERY CAREFUL using
without sharing on Communities code as you don't want to expose a data leak (I have seen this happen in production solutions). The correct approach is to make your Apex controllers (of both Lightning and Visualforce) with sharing. If it needs to make decisions based on data unavailable to the user, it can call a without sharing helper class that accesses the privileged data, executes the business logic required from it, and returns the outcome of that logic to the controller.– Charles T
Nov 9 at 13:16
Yes I am not using Without sharing keyword I am just going to add some users in community for now. @CharlesT
– Manjot Singh
Nov 9 at 14:01
Yes I am not using Without sharing keyword I am just going to add some users in community for now. @CharlesT
– Manjot Singh
Nov 9 at 14:01
add a comment |
Thanks for contributing an answer to Salesforce Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f238855%2fcan-community-user-query-internal-users-of-salesforce%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
