This article explains how to determine whether a specific Salesforce user has access to a particular record. The UserRecordAccess object provides detailed information about a user's access to a specific set of records in your Salesforce org. You can query this object to check access levels for a given user.
Two approaches are available: querying the UserRecordAccess object by providing both the Record ID and the User ID, or querying the Share object (for example, AccountShare) for the specific Salesforce object you are evaluating.
00590000001OZ5bAAG) is a placeholder. Replace it with the actual 15 or 18-character Salesforce User ID for the user you want to check.Use the example queries below as a reference.
Example Query (Share Object):
SELECT AccountAccessLevel, AccountId, CaseAccessLevel, ContactAccessLevel, Id, IsDeleted,
LastModifiedById, LastModifiedDate, OpportunityAccessLevel, RowCause, UserOrGroupId
FROM AccountShare
WHERE AccountId = 'account_id'
Example Query (UserRecordAccess Object):
SELECT RecordId, HasReadAccess, HasEditAccess, HasDeleteAccess, HasTransferAccess,
HasAllAccess, MaxAccessLevel
FROM UserRecordAccess
WHERE RecordId = 'record_id' AND UserId = 'user_id'
NOTE: The code provided is an example. You'll need to review and make modifications for your organization.
List <Account> a = new List <Account>();
List <User> u = new List <User>();
List <ID> sRecordIDs = new List <ID>();
a = [select id from Account]; system.debug('>>>'+a.size());
u = [select id from User];
system.debug('>>>'+u.size());
for(Account c : a)
{
UserRecordAccess i =null; i = [SELECT RecordID FROM UserRecordAccess
WHERE UserId = '00590000001OZ5bAAG'
AND RecordID=: c.id AND HasReadAccess = True];
sRecordIDs.add(i.id);
}
system.debug('>>>'+ sRecordIDs.size());
system.debug('>>>'+ sRecordIDs);
You can also use the stripInaccessible() method in Apex. This method checks source records for fields that do not meet the field-level security (FLS) check for the current user, and returns a list of sObjects with those inaccessible fields removed. To ensure secure processing in Apex, this method can also be used to remove inaccessible fields from sObjects before a DML (Data Manipulation Language) operation — for example, before inserting or updating a record — to avoid exceptions and to sanitize sObjects.
000386023

We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.