Hello,
I have added a security expression in record-level security to handle complex filter criteria that include the logged-in user as one of the filters.
I am exporting the record information using related actions and a scheduled job.
Export from the related action is fetching the expected output; however, export using the scheduled job is not returning the correct results because the record-level security condition is failing due to the logged-in user check.
To get the correct results, do I need to explicitly pass the filters defined in record-level security when querying the record from the scheduled job? Or is there a better way to achieve the same results?
Please advise.
Discussion posts and replies are publicly visible
What do you mean by not returning correct results? What is the result you are expecting and what is being fetched?If its a scheduled job and if you are trying to query data from record inside the job, the record level security will take the process model designer name. So if the designer does not have access to the record type data, it will not fetch any data. And loggedinuser does not have any meaning inside the process model because its running in the backend which is not visible to the user.
A automatically started process runs in the context of the user who deployed the model. And this context applies to your filter.
But, what data do you expect the see, when running this automatically?
I usually have a rule to allow the Application Administrators group and API users group to view all the Records.
You can then just run that process as admin and you won't have those types of issues.
We are using the End User Reporting module, which provides functionality for exporting reports and sending scheduled notifications for the displayed results.
Example: A record contains all users along with their respective departments.
When I log in as a specific user, the report should display only the records associated with the logged-in user's department. To achieve this, I have applied record-level security. Additionally, when the user schedules a job, it should fetch data related only to their department.
For an automatic job, since the context is taken from the user who deployed it (admin) and the admin user does not have a department assigned, the system is fetching all the data.
To ensure the correct results, I am considering filtering the records based on the department of the user who created the scheduled job.
Is this approach appropriate, or is there a better way to achieve the same results?
I would perhaps question why you need to "schedule" a report. But given the constraints you mentioned, I would say the approach you described is pretty much your only option.