Skip to content

Review external users that may be assigned to profile/permsets with ReadAll or ModifyAll permission #324

New issue
New issue
Open
Feature
Open
Review external users that may be assigned to profile/permsets with ReadAll or ModifyAll permission#324
Feature
Assignees
VinceFINET
Labels
enhancementNew feature or request
Milestone
Version Nitrogen [N, 7]
@VinceFINET

Description

@VinceFINET
VinceFINET
opened on Sep 29, 2023

I would like to review the list of external active users that are in my org and that are assigned to profile and or permission set that contain a read all or modify all permission on at least one SObject.

And report that in the User tab in orgcheck.

Maybe disctinguish internal and external users in two sep sub tabs y the way.

The SOQL that you can use to detect this VERY BAD behavior is:

SELECT  SobjectType,  Parent.Name, Parent.Profile.Name, PermissionsViewAllRecords,
                PermissionsModifyAllRecords 
FROM ObjectPermissions 
WHERE (PermissionsViewAllRecords=true OR PermissionsModifyAllRecords=true) 
AND ParentId IN (SELECT PermissionSetId FROM PermissionSetAssignment WHERE Assignee.UserType='CspLitePortal')

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Type

Feature

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions