Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Review external users that may be assigned to profile/permsets with ReadAll or ModifyAll permission #324

Open
VinceFINET opened this issue Sep 29, 2023 · 0 comments
Open

Review external users that may be assigned to profile/permsets with ReadAll or ModifyAll permission #324

VinceFINET opened this issue Sep 29, 2023 · 0 comments
Assignees
@VinceFINET
Labels
enhancement New feature or request
Milestone
Version Boron [B, 5]

Comments

@VinceFINET
Copy link
Collaborator

I would like to review the list of external active users that are in my org and that are assigned to profile and or permission set that contain a read all or modify all permission on at least one SObject.

And report that in the User tab in orgcheck.

Maybe disctinguish internal and external users in two sep sub tabs y the way.

The SOQL that you can use to detect this VERY BAD behavior is:

SELECT  SobjectType,  Parent.Name, Parent.Profile.Name, PermissionsViewAllRecords,
                PermissionsModifyAllRecords 
FROM ObjectPermissions 
WHERE (PermissionsViewAllRecords=true OR PermissionsModifyAllRecords=true) 
AND ParentId IN (SELECT PermissionSetId FROM PermissionSetAssignment WHERE Assignee.UserType='CspLitePortal')
@VinceFINET VinceFINET added the enhancement New feature or request label Sep 29, 2023
@VinceFINET VinceFINET self-assigned this Sep 29, 2023
@VinceFINET VinceFINET added this to the Version Boron [B, 5] milestone May 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@VinceFINET VinceFINET

Labels
enhancement New feature or request
Projects
None yet
Milestone
Version Boron [B, 5]
Development

No branches or pull requests
1 participant
@VinceFINET