When our users who is not the owner of the account lookup a Salesforce contact within QuoteWerks, they see a blank screen whereas the count of the matching records is visible. They all have "view all" permission for both Accounts and Contacts. After debugging we got to know that the user may need 'Customize Application' permission to view the contact. This is an admin privilege and we are a bit hesitant to use this.
Can anyone please suggest any way out or any else has faced the same issue and used a different approach?
We are using the 'Salesforce' user license. To debug the issue I even tried to clone the standard user profile and gave view all permission for Accounts and Contacts. But again it didn't work. No result on quotewerks.
Can you (temporarily) try setting the sharing settings as below?
I just had a call with Salesforce developer support. He inspected the fiddler log to check the Salesforce API response to QuoteWerks. As per logs, it seems Salesforce is sending all information requested including the batch size, but for some reason, data is not displayed in QuoteWerks.I have attached logs for reference. Behavior at line 70 is as per admin and 102 as per non-admin.
From these logs, it's safe to exclude any permission issues. Now we need to look into why QuoteWerks is not able to display results with 'customize application' permission.
I would appreciate it if we can discuss this issue over the call. I will extend the invite to Salesforce support as well.
So in reviewing your fiddler file (which I have removed from the Forum because they can contain sensitive data), there are noted differences between what is returned from the two users. Not sure why Salesforce says they are returning the same. I'm going top break it down into requests and responses. For this example, I am searching for an account named Acacia
First, QuoteWerks sends a request to Salesforce logging in with the authentication information and Salesforce replies with all the information about that user such as organization name, user type, base currency, etc. There's aren't many differences between these two other than ProfileID and RoleID (and user name, user id, full name, and sessionsecondsvalid).
Next, QuoteWerks sends a request to Salesforce - describeSObjects - that is basically asking Salesforce to tell it about the object it is asking about, in this case Accounts. The Salesforce API respects object-level and field-level security configured in the user interface, meaning you can access objects and fields only if the logged-in user's permissions and access settings allow such access., therefore fields that are not visible to a given user are not returned. The describeSObjects from the user that works is significantly different than the user that doesn't (too much to screenshot even, I can send the file comparison if you need it).
Now, that shouldn't cause a problem unless one of the fields it can't see is a field QuoteWerks needs it to see, such as AccountNumber, Site, Ownership, and other standard Salesforce fields necessary for the integration (QuoteWerks doesn't care if we can't see your custom fields when pulling in contacts at the most basic level).
For the third request, QuoteWerks then sends to Salesforce a query based on the fields that it just returned. So The query from the two different users is significantly different (comparison tool screenshot below):
And the response is very different as well:
With the specific Query being generated as well as the difference in response, Salesforce ***should*** be able to better tell you what the permission difference is that is causing the problem. They should be able to run the queryString and advise why it's result size is 0 for the user that doesn't work vs 1 (correct) for the user that does work.
I'm not a Salesforce developer so I can't advise specifically what permission is causing these differences, but hopefully this will help them narrow it down.
Using a clone of the Standard Platform User , I have these settings under object permissions
And the following set in my Sharing Settings:
And the user can retrieve contacts owned by a different user without issue. I am not using Permission sets, just Profiles to control access.
Do you have specific permission sets set-up or per user-sharing detail set?
Users have "view all" permission at the profile level. Even they are able to search and view all contacts within Salesforce. It's just an issue when they lookup contacts within QuoteWerks. To enable a non-account owner to look up contacts in QuoteWerks they need to be given the admin privilege 'Customize Application'. We can’t give this level of privilege to any of our users. Do you think is there any other way out. Another thing that we noticed is the API version. Salesforce is using 53 as current whereas Quotewerks is at 40. Do you think the version can cause this issue? I have created a ticket with Salesforce support as well. They want to know what type of API QuoteWerks use and they have also asked to Capture API request and response logs. I am not sure how to do it.
I do NOT have 'Customize Application' privilege given to the user example from above, that is why I was asking if you used Permission sets or some other sharing control. In your Salesforce Profile, what is listed in the User License area, right under name?
You can capture traffic using a software such as Fiddler to get the request and response calls.