record type reference field filter showing values that user is not supposed to have access to

I’ve got a wizard that creates a new opportunity, and for the wizard I’ve limited possible record types to four options by using a field filter on the opportunity record type field. I’ve also overriden the user’s default record type by using a RecordType model that pulls in the one default option I want. 

My problem is that some partner community users should only see three record types. Their user profile does not give them access to the fourth, but they can see the fourth one when they run the wizard. 

I’ve even tried bringing in my four record types via a model, then filtering based on rows in a model, thinking that the model query would respect the user’s security settings.

This is an issue I keep running into, and I’ve always just found creative ways around it, but for this example I really just need Skuid to respect the user profile’s object settings with regards to available record types.

Any ideas?

I think you’ll need to use criteria based sharing rules to accomplish this. Assigning record types to profiles in salesforce is not really a security setting. You can check out this idea and vote for it though.

Darn. Thanks for the link, I voted. But still don’t understand how sharing rules would help, since they can only be used to grant access and not restrict it.

How does the record type selection screen work in default salesforce - that’s pulling in only options available to the user profile, is it possible for Skuid to replicate that?

Ok, I got a workaround:

I made two Record Type reference fields on the wizard, with two different filters, and I render the one with three values if the running user is that partner community user, and I render the other one if they are not. Done! Thanks for the help though, definitely know a little more about the record type stuff now. 

You would have to set the default sharing mode for your external users on that object to “private”. Then use the sharing rules to give them access.

That’s already in place, except the criteria for sharing is if the opportunity’s account is the same as their partner account. Since we share record types across multiple partner accounts I don’t see how we could use a record type criteria to limit their choice in a record type pick list on a new record. Maybe I just haven’t had enough coffee today. :slight_smile:

oh, yeah, I get what you’re saying now. That wouldn’t limit the record type picklist. Looks like you found a good workaround though.

Was this resolved using workaround only? or skuid started respecting profile permissions to show available record types for selection in picklist?

This is not solved as far as I can tell in v11.2.5.  Workarounds become next to impossible when dealing with the intersection of profiles and permission sets for many users, unless there is some way to dynamically pull a list of record types available to the user that I am not aware of?  And, as I noted here, somehow the auto-generated table-filter options on the record type field are able to pull the correct choices, but adding the record type field directly to a field editor reveals all record types for an object.  Worse, the user is able to save the record with a record type that their profile and permission sets do not allow!

I have a hacky way in place to show the user a record type “picklist” that is actually a select-filter within a filter set component.  Selecting an option invokes the action framework to write the selection to the new record in another model.  But something in one of the newer Skuid releases partially broke this in how it affects conditionally rendered, ui-required fields based on record type.  Can’t post all the details of that just yet, as I am up against a deadline and trying to fix all the things my upgrade broke, but it’s possible this has to do with parent-page-to-page-include communication (which would not be necessary if record-type selection worked as expected).

I’ve had the most luck bringing in models for my record types. If you can construct a query for a model that contains all the correct record types a given user should see, you can set the Record Type field in your field editor to pull in the values from that model. 

Unfortunately you can’t dynamically query the given record types available to a given profile for a given object, that information is held in a RecordTypeInfo object that isn’t available to SOQL. 

Zach McElrath outlines a way to get at it in apex, probably not something you’d be able to implement for your deadline but might be part of a longer-term solution:…

I finally got something working using a field renderer snippet from the Record Type field!  See my reply from today here (3rd reply in the thread) for the snippet.  Uses recordTypeInfos and isAvailable.

I don’t know why I couldn’t figure this out sooner.  I’d like to think it was because of a Skuid update that fixed something with the isAvailable property, but it was probably just that I didn’t know what I was doing before.