record type security problem

Record Types for objects that should not be available for a user profile are visible in picklists and table filters.

I’ve come across the problem in several places in Skuid, most recently I built a table filter that uses Rows in a Model as the values, and the model is RecordType with a condition of SObject Name = Contact. A user that has no access to the Contact Record Type of Shareholder can see the Shareholder option in the Table Filter.

This also happens with field editors when the Record Type field is a picklist, all users can see all record types that are available except those limited by filters, even if they don’t have access to a particular record type. It throws an error on save if the user chooses a record type they don’t have access to, but I’d prefer if they just didn’t even see the unavailable record type option.

I am also having the same issue. I have a custom object that has record types that are not suppose to be seen by one of our profile and even though the profile is setup correctly and it works on the Salesforce side it does not work on the my Skuid wizard. They can see all record types and I only want them to see the ones they have permission to use. Has there been an update on this or a work around that I can use to make this work properly?

I’ve been able to work around this a bit. 

I believe what you’ll want to do is have a model for your record types, so if it’s Account, call it something like AccountRecordTypes, then your SObject is RecordType.

You can then set a condition on this model Sobject = Account (or whatever object you’re using) so it only pulls in record types related to that object. 

This model query on RecordTypes should respect the security rules, so in theory you would only get record types that the user has access to. You could test this by building a table of your record type model, then logging in as the user you want to test and seeing what they can see.

If it’s working right, then on the field in a field editor or table where someone is choosing record types, you can set a lookup filter so that it only shows records from your AccountRecordTypes model. 

Let me know if that helps, and if not I’ll take a closer look at what I’ve got and post some screenshots/more details

Thanks for that tip, Jack! While the separate model on Record Type might be a good option here, unfortunately I don’t think creating the separate model will prevent users from accessing Record Types that haven’t been assigned to them. See this post:
https://community.skuid.com/t/record-type-reference-field-filter-showing-values-that-u…

You might need to actually add a different instance of the Record Type field to the page for each profile viewing the page, then for each instance, add a lookup filter based on the Record Type Name. In a field editor, you can then conditionally render each field based on the running user’s profile. Hope that helps.

You’re right! I knew I had done something like that, just couldn’t find out where or what.

I have trouble with the In multiple selected values for lookup filters, especially when it comes to Record Types. I found I had to create a model for each of the lists of values I wanted. Maybe it works better now.

The way I did it was create two different Record Type Models, each with Name In the values I wanted, and then on the two different Record Type fields on my field editor, I have lookup filters where ID is in the values from RecordTypesModel#1 or RecordTypesModel#2, and then I conditionally render each of those fields based on user profile.

We achieved this by adding a custom picklist to the Account object with the list of record types. We used the Workflow to change the record type from default record type to actual record type . We knew this was not the perfect design but it worked out for us.

Thanks for sharing Sri.   Like so much,  there is a working design - that while not perfect - works.  And that is what is important. 

Any plans to limit the record type selection field to only those record types available to the user?  The record type table filter (when auto-selecting options) respects this, only showing record types that the user has available to create, but the actual record type (editable) field shows all record types when creating a new record.  Seems like if anything, that should be the other way around, since users often can see records of record types beyond those they have available to create due to sharing settings, role hierarchies, etc.  And in my recent test, unlike the OP, I did not get an error when saving a new record with a record type unavailable to that user.  I just installed the latest version (10.0.7) in a sandbox and am seeing the same behavior.

I finally got something working using a field renderer snippet from the Record Type field!  See my reply from today here (3rd reply in the thread) for the snippet.