SetupEntityAccess

Represents the enabled setup entity access settings (such as for Apex classes) for the parent PermissionSet. This object is available in API version 25.0 and later.

To grant users access to an entity, associate the appropriate SetupEntityAccess record with a PermissionSet that’s assigned to a user.

Supported Calls

create(), delete(), describeSObjects(), query(), retrieve()

Special Access Rules

As of Spring ��20 and later, only users with "View Setup and Configuration" permission can access this object.

Fields

Field Name	Details
ParentId	Type reference Properties Create, Filter, Group, Sort Description The ID of the entity’s parent PermissionSet.
SetupEntityId	Type reference Properties Create, Filter, Group, Sort Description The ID of the entity for which access is enabled, such as an Apex class or Visualforce page.
SetupEntityType	Type picklist Properties Filter, Group, Nillable, Restricted picklist, Sort Description The type of setup entity for which access is enabled. Valid values are: ApexClass for Apex classes ApexPage for Visualforce pages In API version 28.0 and later, ConnectedApplication for OAuth connected apps In API version 31.0 and later, CustomPermission for custom permissions In API version 28.0 and later, ServiceProvider for service providers In API version 28.0 and later, TabSet for apps In API version 48.0 and later, CustomEntityDefinition for Custom Settings and Custom Metadata Types

Usage

Because SetupEntityAccess is a child of the PermissionSet object, the usage is similar to other PermissionSet child objects like FieldPermissions and ObjectPermissions.

For example, the following code returns all permission sets that grant access to any setup entities for which access is enabled:

1SELECT Id, ParentId, Parent.Name, SetupEntityId
2FROM SetupEntityAccess

The following code returns permission sets that grant access only to Apex classes:

1SELECT Id, ParentId, Parent.Name, SetupEntityId
2FROM SetupEntityAccess
3WHERE SetupEntityType='ApexClass'

The following code returns permission sets that grant access to any setup entities, and are not owned by a profile:

1SELECT Id, ParentId, Parent.Name, SetupEntityId
2FROM SetupEntityAccess
3WHERE ParentId
4IN (SELECT Id
5   FROM PermissionSet
6   WHERE isOwnedByProfile = false)

You may want to return only those permission sets that have access to a specific setup entity. To do this, query the parent object. For example, this code returns all permission sets that grant access to the helloWorld Apex class:

1SELECT Id, Name,
2   (SELECT Id, Parent.Name, Parent.Profile.Name
3   FROM SetupEntityAccessItems)
4FROM ApexClass
5WHERE Name = 'helloWorld'

While it’s possible to return permission sets that have access to a ConnectedApplication, ServiceProvider, or TabSet by SetupEntityId, it’s not possible to return permission sets that have access to these SetupEntityType fields by any other AppMenuItem attribute, such as Name or Description. For example, to find out if a user has access to the Recruiting app, you’d run two queries. First, query to get the AppMenuItem ID:

1SELECT Id, Name, Label
2FROM AppMenuItem
3WHERE Name = 'Recruiting'

Let’s say the previous query returned the AppMenuItem ID 02uD0000000GIiMIAW. Using this ID, you can now run a query to find out if a user has access to the Recruiting app:

1SELECT Id, SetupEntityId, SetupEntityType
2FROM SetupEntityAccess
3WHERE ParentId
4IN
5   (SELECT PermissionSetId 
6   FROM PermissionSetAssignment
7   WHERE AssigneeId = '005D0000001QOzF')
8AND (SetupEntityId = '02uD0000000GIiMIAW')

Object Reference for Salesforce and Lightning Platform

SetupEntityAccess

Supported Calls

Special Access Rules

Fields

Usage

See Also