OrgCheck icon indicating copy to clipboard operation
OrgCheck copied to clipboard

Published 20 hours ago verified publisher icon SalesforceLabs

Review external users that may be assigned to profile/permsets with ReadAll or ModifyAll permission

Open VinceFINET opened this issue 1 year ago • 0 comments

I would like to review the list of external active users that are in my org and that are assigned to profile and or permission set that contain a read all or modify all permission on at least one SObject.

And report that in the User tab in orgcheck.

Maybe disctinguish internal and external users in two sep sub tabs y the way.

The SOQL that you can use to detect this VERY BAD behavior is:

SELECT  SobjectType,  Parent.Name, Parent.Profile.Name, PermissionsViewAllRecords,
                PermissionsModifyAllRecords 
FROM ObjectPermissions 
WHERE (PermissionsViewAllRecords=true OR PermissionsModifyAllRecords=true) 
AND ParentId IN (SELECT PermissionSetId FROM PermissionSetAssignment WHERE Assignee.UserType='CspLitePortal')

VinceFINET avatar Sep 29 '23 10:09 VinceFINET