Error: Implementation Restriction?

Hi there,

After overriding our ContactDetail page using the tutorials provided by Skuid, I noticed a strange error… I can only view the new Skuid page from a System Admin profile.

Every other profile or user receives the following error:
"Implementation Restriction: activity aggregate relationships only allow security evaluation for non-admin users when LIMIT is specified and at most 500"

I have attached a screenshot of this error.

Thank you for your support,

Here is a shot in the dark. 
I’m guessing you have a task model for the contact.  Try putting a limit of records retrieved on that model.  Start with somthing ridiculous,  like 10 records.   It looks like Salesforce doesn’t want to do sharing rules evaluation on those records when more than 500 are retrieved. 

Hi Rob, thanks for the quick reply.

I thought the same thing and so adjusted all of my models to have a limit of 25.
Now mind you, for the ContactDetail page, I’ve set a model for the Contact itself, plus Tasks, Opportunities, Attachments, and Events.

But all these combined would not even exceed 200, so I’m a little lost as to the source of this issue. Especially since System Admins have no problem at all.

The Model that is causing a problem here is an Aggregate Model that is on either a Task or Event object – I’m guessing you have at least one such Model on your page. Try adding a limit of 499 to to just your Task/Event Aggregate Model — none of the other Models should need to have this limit.

This is actually a fairly common error message, and you’ll encounter it in weird places on various Standard objects. It only ever happens for non-Admin users, because non-Admin users’ access to records is governed by the Salesforce Security Model, whereas Admins have the “View All Data” permission, which means that Salesforce ignores the Security Model completely for them when choosing which records to let Admins access. So for Salesforce’s purposes, it’s a lot more “expensive” to try to determine which records a non-Admin user should have access to, because Salesforce has to evaluate the whole Sharing Model for a given object when a non-Admin user runs a query on that object. Therefore Salesforce puts in these “Implementation Restrictions” that limit how many records of these Standard Objects that non-Admin users can request in a particular transaction. This makes sense for standard Objects like Task and Event for which there are often millions of records in customers’ orgs, because Salesforce’s Query Optimizers have to do a lot more work to try to search through these millions of records trying to find ones that a non-Admin user has access to.

Hey Zach, thank you for the detailed response. You provided some in-depth knowledge and I understand the SF platform a little better now. Unfortunately, I was only able to fix this issue by scrapping my Skuid page entirely and then restarting my page layout from one of your pre-built pages from the Page Repository.

Still not sure what model was causing the problem, but we seem to have things running smoothly at the moment.

Thanks again to the both of you for your support, greatly appreciated!