Trick: Running User Must Have Create Permission to Field Used in Screen Flow Lookup Component : jenwlee
by: jenwlee
blow post content copied from Jenwlee's Salesforce Blog
click here to view original post
If you have configured the standard screen flow lookup component and get an error “Record is not createable.” when you test it as a user, this is due to the fact that the running user of a flow must have the Create permission on the source object. For example, to search a contact’s creator, the running user must have the Create permission on the Contact object. But what do you do if you can’t guarantee that every user who uses the screen flow with this lookup component has Create permission to the source object?
Here is the lesson learned from implementing this use case:
- Create a custom object called Screen Flow Lookup and various lookup fields and grant Create permission to all users.
- Add new custom lookup fields to the Screen Flow Lookup object, as needed.
Business Use Case: Addison Dogster is the system administrator at Universal Containers. She has been tasked with creating a screen flow to allow a user to request to freeze a user by a specific freeze date/time. Once the specific freeze date/time has passed, Salesforce will automatically freeze the user. When Addison tested the flow using debug as herself and as a user, the flow worked perfectly. However, when the actual user (Mary Markle) logged in with her own credentials and tested the same screen flow, she got an error “Record is not creatable.”
In researching the issue, Addison found out that in order to use the lookup component, the running user must have Create permissions to that object. Addison’s org that has profiles with various object permissions. She had a profile with Read permission to all objects, but not Create permission to any objects. They needed to access the screen flow, where they would select a user from the lookup and update a user record as a result of the screen submission. (Note: This user also had Manage Users permission). In this case, Addison could not pick a current standard or custom object where this user and other users in the org all had Create permission. She also didn’t want to just pick any standard object not currently used and grant Create access for fear that down the road, she may use that standard object and need to grant access. This would go against the guiding principle of least privilege access. In that case, she would have have granted more permissions than the user should have.
Solution: As a workaround to this lookup component limitation, being the #AwesomeAdmin that she was, Addison created a custom object called Screen Flow Lookup and created fields that would be most often used in a lookup situation, such as user, contact, account and opportunity, for starters. You can further add to this by adding more custom lookup fields in the future as the need arises.
Highlighted Steps:
1. Create a new object called Screen Flow Lookup.
2. Create needed custom lookup fields you will use in the standard screen flow lookup component. The below screenshot shows the ones Addison created for use. For the user lookup, you can use the standard field Created By.
3. Grant Create permissions to the Screen Flow Lookup object to all the user profiles who interact with screen flows.
FYI: Here is an example of how to configure a user field in the standard flow lookup component, referencing the CreatedById field in the Screen Flow Lookup object.
June 04, 2021 at 05:30PM
Click here for more details...
=============================
The original post is available in Jenwlee's Salesforce Blog by jenwlee
this post has been published as it is through automation. Automation script brings all the top bloggers post under a single umbrella.
The purpose of this blog, Follow the top Salesforce bloggers and collect all blogs in a single place through automation.
============================
Post a Comment