Can I Mass Modify Object Settings > Tab Settings for All Profiles? (Default On/Default Off/Hidden)
There is a sObject called PermissionSet which has a field IsOwnedByProfile which signified if the permission set is having the access settings for a profile or not. Every Profile has a permission set to define object accesses. Plus there is ObjectPermission sObject as well which holds the actual permissions for each Permission Sets.
So you can do something like this.
SELECT SObjectType, PermissionsRead, PermissionsCreate, PermissionsEdit, FROM ObjectPermissions WHERE parentid in (select id from PermissionSet where PermissionSet.IsOwnedByProfile = true)
And form the update query accordingly.
There are several objects that you can utilize for mass updates of profiles and permission sets.
The objects are as follows:
- ObjectPermissions - Controls Object Level Create, Read, Edit, Delete, View All and Modify All permissions
- FieldPermissions - Controls field level security
- SetupEntityAccess - A special table that allows for controlling Visualforce Page, Apex Class, Connected Application and Application (Tab Set) access.
Unfortunately, at this time, RecordType access is not available in these objects.
For all of the above objects, you must use the PermissionSet ID for the parent ID field. You can use the below query for this (standard profiles are excluded since they aren't updateable for Object Level and FLS security - but can be used with SetupEntityAccess):
SELECT ID, Name, Profile.Name FROM PermissionSet WHERE IsCustom = true
If the permissions are existing on the objects, you can simply query the records that exist today using a tool like workbench to query / update (dataloader is an option too). If you use dataloader, you must check the box that says "View all objects" to see the above objects for query.
For SetupEntityAccess, you must first get the SetupEntityId of the record before you are able to perform an insert, e.x for visualforce pages:
SELECT Id FROM ApexPage
You may then map this to the SetupEntityId Field. You can then insert the records and you will have access to the record. If the record already exists and has access you will get a duplicate error from the system. If you are not familiar with the process, I would first suggest that you perform this activity in a sandbox and test all corresponding processes.