Tag Archives: Security

Checking Page Permissions in Apex

Recently, I ran into this use case:

Show a link to a Visualforce page only if the current user has access to it. This is usually done for a pilot or a dark launch scenario so that a subset of users only have access to a feature.

Originally, I thought I was going to have to implement this through a custom permission or some other configuration setting without being able to use out-of-the-box visualforce page access through profiles and permission sets. Needless to say, I’m glad I stumbled across the How do I find out if a user has access to a visualforce page through apex? stackoverflow post. In it, Gennadiy describes how one can use the following SOQL to query the SetupEntityAccess standard object to see if someone has access to a given Visualforce page or not.

If the accessSettings list has any records, then the current user has access to the desired Visualforce page. If there are no records, the current user doesn’t have access to the page.

This works with the page being granted access through either the user’s profile or a permission set, despite the ParentId being looked up against the PermissionSetAssignment object.