Can community user query internal users of salesforce

Clash Royale CLAN TAG#URR8PPP

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;

up vote
3
down vote

favorite

I am running a trigger whenever a contact is edited. In trigger I am querying user

[Select id from user]

I am getting all the users when trigger in run in any internal user context. But when same trigger is run in community user context I am getting only community member. Is this known behaviour or I am doing something wrong. Is there any Knowledge article for this?

I have found a similar question here :-
Can community users reference internal users in Chatter?

apex soql community user-record

share|improve this question

asked 3 hours ago

Manjot Singh

1,870521

add a comment | 

up vote
3
down vote

favorite

I am running a trigger whenever a contact is edited. In trigger I am querying user

[Select id from user]

I am getting all the users when trigger in run in any internal user context. But when same trigger is run in community user context I am getting only community member. Is this known behaviour or I am doing something wrong. Is there any Knowledge article for this?

I have found a similar question here :-
Can community users reference internal users in Chatter?

apex soql community user-record

share|improve this question

asked 3 hours ago

Manjot Singh

1,870521

add a comment | 

up vote
3
down vote

favorite

up vote
3
down vote

favorite

I am running a trigger whenever a contact is edited. In trigger I am querying user

[Select id from user]

I am getting all the users when trigger in run in any internal user context. But when same trigger is run in community user context I am getting only community member. Is this known behaviour or I am doing something wrong. Is there any Knowledge article for this?

I have found a similar question here :-
Can community users reference internal users in Chatter?

apex soql community user-record

share|improve this question

asked 3 hours ago

Manjot Singh

1,870521

I am running a trigger whenever a contact is edited. In trigger I am querying user

[Select id from user]

I am getting all the users when trigger in run in any internal user context. But when same trigger is run in community user context I am getting only community member. Is this known behaviour or I am doing something wrong. Is there any Knowledge article for this?

I have found a similar question here :-
Can community users reference internal users in Chatter?

apex soql community user-record

apex soql community user-record

share|improve this question

asked 3 hours ago

Manjot Singh

1,870521

share|improve this question

asked 3 hours ago

Manjot Singh

1,870521

share|improve this question

share|improve this question

asked 3 hours ago

Manjot Singh

1,870521

asked 3 hours ago

Manjot Singh

1,870521

asked 3 hours ago

Manjot Singh

1,870521

1,870521

add a comment | 

add a comment | 

2 Answers
2

active

oldest

votes

up vote
2
down vote



accepted

You can refer Determine User Visibility in Your Community

User sharing lets you decide whether all users in a community are visible to each other.

User sharing for external users is turned on by default when you enable Communities. This setting applies to all communities in your organization.

The default setting allows an external user to see other external users under the same account and users in common communities. You can change the organization-wide default for Users to make your communities more restrictive or open, depending on your use case.

If the you deselect Community User Visibility, external users can’t see each other. For example, John and Sally are external users. John can’t:

• Search for Sally


• Find Sally in the community People tab, even if Sally is a member of the community


• Add Sally to a group


• Share a file or record with Sally

If John and Sally are members of the same group or share the same record, then they can see each other’s conversations and updates within the group or on the record, but nowhere else.

If Sally belongs to the same account as John, and John has delegated external user administration privileges, then John can see Sally. Delegated External User Administration takes priority over user sharing.

So, your SOQL query returns the list of users based on above mentioned settings.

share|improve this answer

answered 3 hours ago

Santanu Boral

29.3k52150

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  thanks @Santanu
  – Manjot Singh
  2 hours ago
  

  
  
  
  

add a comment | 

up vote
1
down vote

Check the OWD for user object in sharing setting. It will be public read/only for Internal and private for external.

That means, Internal users can querry all users whereas community user can only access user which are shared to them via sharing rule or manual sharing.

I am against providing read access of any Internal user to external user as I have seen they will be able to mention any internal users on chatter. Which can be bit spammy most of the times.

The best solution is to use without sharing keyword so that they can only access Internal user in code and thus minimizing the privacy of internal users in chatter.

share|improve this answer

answered 2 hours ago

Pranay Jaiswal

10.2k31949

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Thanks Pranay for your help
  – Manjot Singh
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Be VERY CAREFUL using without sharing on Communities code as you don't want to expose a data leak (I have seen this happen in production solutions). The correct approach is to make your Apex controllers (of both Lightning and Visualforce) with sharing. If it needs to make decisions based on data unavailable to the user, it can call a without sharing helper class that accesses the privileged data, executes the business logic required from it, and returns the outcome of that logic to the controller.
  – Charles T
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Yes I am not using Without sharing keyword I am just going to add some users in community for now. @CharlesT
  – Manjot Singh
  17 mins ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "459"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f238855%2fcan-community-user-query-internal-users-of-salesforce%23new-answer', 'question_page');

);

Post as a guest

Name Email

2 Answers
2

active

oldest

votes

2 Answers
2

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
2
down vote



accepted

You can refer Determine User Visibility in Your Community

User sharing lets you decide whether all users in a community are visible to each other.

User sharing for external users is turned on by default when you enable Communities. This setting applies to all communities in your organization.

The default setting allows an external user to see other external users under the same account and users in common communities. You can change the organization-wide default for Users to make your communities more restrictive or open, depending on your use case.

If the you deselect Community User Visibility, external users can’t see each other. For example, John and Sally are external users. John can’t:

• Search for Sally


• Find Sally in the community People tab, even if Sally is a member of the community


• Add Sally to a group


• Share a file or record with Sally

If John and Sally are members of the same group or share the same record, then they can see each other’s conversations and updates within the group or on the record, but nowhere else.

If Sally belongs to the same account as John, and John has delegated external user administration privileges, then John can see Sally. Delegated External User Administration takes priority over user sharing.

So, your SOQL query returns the list of users based on above mentioned settings.

share|improve this answer

answered 3 hours ago

Santanu Boral

29.3k52150

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  thanks @Santanu
  – Manjot Singh
  2 hours ago
  

  
  
  
  

add a comment | 

up vote
2
down vote



accepted

You can refer Determine User Visibility in Your Community

User sharing lets you decide whether all users in a community are visible to each other.

User sharing for external users is turned on by default when you enable Communities. This setting applies to all communities in your organization.

The default setting allows an external user to see other external users under the same account and users in common communities. You can change the organization-wide default for Users to make your communities more restrictive or open, depending on your use case.

If the you deselect Community User Visibility, external users can’t see each other. For example, John and Sally are external users. John can’t:

• Search for Sally


• Find Sally in the community People tab, even if Sally is a member of the community


• Add Sally to a group


• Share a file or record with Sally

If John and Sally are members of the same group or share the same record, then they can see each other’s conversations and updates within the group or on the record, but nowhere else.

If Sally belongs to the same account as John, and John has delegated external user administration privileges, then John can see Sally. Delegated External User Administration takes priority over user sharing.

So, your SOQL query returns the list of users based on above mentioned settings.

share|improve this answer

answered 3 hours ago

Santanu Boral

29.3k52150

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  thanks @Santanu
  – Manjot Singh
  2 hours ago
  

  
  
  
  

add a comment | 

up vote
2
down vote



accepted

up vote
2
down vote



accepted

You can refer Determine User Visibility in Your Community

User sharing lets you decide whether all users in a community are visible to each other.

User sharing for external users is turned on by default when you enable Communities. This setting applies to all communities in your organization.

The default setting allows an external user to see other external users under the same account and users in common communities. You can change the organization-wide default for Users to make your communities more restrictive or open, depending on your use case.

If the you deselect Community User Visibility, external users can’t see each other. For example, John and Sally are external users. John can’t:

• Search for Sally


• Find Sally in the community People tab, even if Sally is a member of the community


• Add Sally to a group


• Share a file or record with Sally

If John and Sally are members of the same group or share the same record, then they can see each other’s conversations and updates within the group or on the record, but nowhere else.

If Sally belongs to the same account as John, and John has delegated external user administration privileges, then John can see Sally. Delegated External User Administration takes priority over user sharing.

So, your SOQL query returns the list of users based on above mentioned settings.

share|improve this answer

answered 3 hours ago

Santanu Boral

29.3k52150

You can refer Determine User Visibility in Your Community

User sharing lets you decide whether all users in a community are visible to each other.

User sharing for external users is turned on by default when you enable Communities. This setting applies to all communities in your organization.

The default setting allows an external user to see other external users under the same account and users in common communities. You can change the organization-wide default for Users to make your communities more restrictive or open, depending on your use case.

If the you deselect Community User Visibility, external users can’t see each other. For example, John and Sally are external users. John can’t:

• Search for Sally


• Find Sally in the community People tab, even if Sally is a member of the community


• Add Sally to a group


• Share a file or record with Sally

If John and Sally are members of the same group or share the same record, then they can see each other’s conversations and updates within the group or on the record, but nowhere else.

If Sally belongs to the same account as John, and John has delegated external user administration privileges, then John can see Sally. Delegated External User Administration takes priority over user sharing.

So, your SOQL query returns the list of users based on above mentioned settings.

share|improve this answer

answered 3 hours ago

Santanu Boral

29.3k52150

share|improve this answer

share|improve this answer

answered 3 hours ago

Santanu Boral

29.3k52150

answered 3 hours ago

Santanu Boral

29.3k52150

answered 3 hours ago

Santanu Boral

29.3k52150

29.3k52150

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  thanks @Santanu
  – Manjot Singh
  2 hours ago
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  thanks @Santanu
  – Manjot Singh
  2 hours ago
  

  
  
  
  

1

1

thanks @Santanu
– Manjot Singh
2 hours ago

thanks @Santanu
– Manjot Singh
2 hours ago

add a comment | 

up vote
1
down vote

Check the OWD for user object in sharing setting. It will be public read/only for Internal and private for external.

That means, Internal users can querry all users whereas community user can only access user which are shared to them via sharing rule or manual sharing.

I am against providing read access of any Internal user to external user as I have seen they will be able to mention any internal users on chatter. Which can be bit spammy most of the times.

The best solution is to use without sharing keyword so that they can only access Internal user in code and thus minimizing the privacy of internal users in chatter.

share|improve this answer

answered 2 hours ago

Pranay Jaiswal

10.2k31949

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Thanks Pranay for your help
  – Manjot Singh
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Be VERY CAREFUL using without sharing on Communities code as you don't want to expose a data leak (I have seen this happen in production solutions). The correct approach is to make your Apex controllers (of both Lightning and Visualforce) with sharing. If it needs to make decisions based on data unavailable to the user, it can call a without sharing helper class that accesses the privileged data, executes the business logic required from it, and returns the outcome of that logic to the controller.
  – Charles T
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Yes I am not using Without sharing keyword I am just going to add some users in community for now. @CharlesT
  – Manjot Singh
  17 mins ago
  

  
  
  
  

add a comment | 

up vote
1
down vote

Check the OWD for user object in sharing setting. It will be public read/only for Internal and private for external.

That means, Internal users can querry all users whereas community user can only access user which are shared to them via sharing rule or manual sharing.

I am against providing read access of any Internal user to external user as I have seen they will be able to mention any internal users on chatter. Which can be bit spammy most of the times.

The best solution is to use without sharing keyword so that they can only access Internal user in code and thus minimizing the privacy of internal users in chatter.

share|improve this answer

answered 2 hours ago

Pranay Jaiswal

10.2k31949

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Thanks Pranay for your help
  – Manjot Singh
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Be VERY CAREFUL using without sharing on Communities code as you don't want to expose a data leak (I have seen this happen in production solutions). The correct approach is to make your Apex controllers (of both Lightning and Visualforce) with sharing. If it needs to make decisions based on data unavailable to the user, it can call a without sharing helper class that accesses the privileged data, executes the business logic required from it, and returns the outcome of that logic to the controller.
  – Charles T
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Yes I am not using Without sharing keyword I am just going to add some users in community for now. @CharlesT
  – Manjot Singh
  17 mins ago
  

  
  
  
  

add a comment | 

up vote
1
down vote

up vote
1
down vote

Check the OWD for user object in sharing setting. It will be public read/only for Internal and private for external.

That means, Internal users can querry all users whereas community user can only access user which are shared to them via sharing rule or manual sharing.

I am against providing read access of any Internal user to external user as I have seen they will be able to mention any internal users on chatter. Which can be bit spammy most of the times.

The best solution is to use without sharing keyword so that they can only access Internal user in code and thus minimizing the privacy of internal users in chatter.

share|improve this answer

answered 2 hours ago

Pranay Jaiswal

10.2k31949

Check the OWD for user object in sharing setting. It will be public read/only for Internal and private for external.

That means, Internal users can querry all users whereas community user can only access user which are shared to them via sharing rule or manual sharing.

I am against providing read access of any Internal user to external user as I have seen they will be able to mention any internal users on chatter. Which can be bit spammy most of the times.

The best solution is to use without sharing keyword so that they can only access Internal user in code and thus minimizing the privacy of internal users in chatter.

share|improve this answer

answered 2 hours ago

Pranay Jaiswal

10.2k31949

share|improve this answer

share|improve this answer

answered 2 hours ago

Pranay Jaiswal

10.2k31949

answered 2 hours ago

Pranay Jaiswal

10.2k31949

answered 2 hours ago

Pranay Jaiswal

10.2k31949

10.2k31949

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Thanks Pranay for your help
  – Manjot Singh
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Be VERY CAREFUL using without sharing on Communities code as you don't want to expose a data leak (I have seen this happen in production solutions). The correct approach is to make your Apex controllers (of both Lightning and Visualforce) with sharing. If it needs to make decisions based on data unavailable to the user, it can call a without sharing helper class that accesses the privileged data, executes the business logic required from it, and returns the outcome of that logic to the controller.
  – Charles T
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Yes I am not using Without sharing keyword I am just going to add some users in community for now. @CharlesT
  – Manjot Singh
  17 mins ago
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Thanks Pranay for your help
  – Manjot Singh
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Be VERY CAREFUL using without sharing on Communities code as you don't want to expose a data leak (I have seen this happen in production solutions). The correct approach is to make your Apex controllers (of both Lightning and Visualforce) with sharing. If it needs to make decisions based on data unavailable to the user, it can call a without sharing helper class that accesses the privileged data, executes the business logic required from it, and returns the outcome of that logic to the controller.
  – Charles T
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Yes I am not using Without sharing keyword I am just going to add some users in community for now. @CharlesT
  – Manjot Singh
  17 mins ago
  

  
  
  
  

Thanks Pranay for your help
– Manjot Singh
1 hour ago

Thanks Pranay for your help
– Manjot Singh
1 hour ago

Be VERY CAREFUL using without sharing on Communities code as you don't want to expose a data leak (I have seen this happen in production solutions). The correct approach is to make your Apex controllers (of both Lightning and Visualforce) with sharing. If it needs to make decisions based on data unavailable to the user, it can call a without sharing helper class that accesses the privileged data, executes the business logic required from it, and returns the outcome of that logic to the controller.
– Charles T
1 hour ago

Be VERY CAREFUL using without sharing on Communities code as you don't want to expose a data leak (I have seen this happen in production solutions). The correct approach is to make your Apex controllers (of both Lightning and Visualforce) with sharing. If it needs to make decisions based on data unavailable to the user, it can call a without sharing helper class that accesses the privileged data, executes the business logic required from it, and returns the outcome of that logic to the controller.
– Charles T
1 hour ago

Yes I am not using Without sharing keyword I am just going to add some users in community for now. @CharlesT
– Manjot Singh
17 mins ago

Yes I am not using Without sharing keyword I am just going to add some users in community for now. @CharlesT
– Manjot Singh
17 mins ago

add a comment | 

 

draft saved

draft discarded

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f238855%2fcan-community-user-query-internal-users-of-salesforce%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email