Setup
:
- Org is a classic org. Community is on Lightning. Hence we still use Attachments & not Content Libraries.
- Community user has read access on Object A which is on the master side of Master Detail Relationship with Object B.
- So sharing to object B is controlled by the parent, A.
- I have created a ligtning component to allow Community Users to download a specific document upload in Notes & Attachments of Object B
<a href="{!'/communityname/servlet/servlet.FileDownload?file=00P0p000000hzjNEAQ'}" target="_blank">Download</a> - When the community user clicks the link, a "Insufficient Access" message is shown.
- The community user has Read access to object A via a sharing set and hence is able to see records related to object A in the community.
My assumption was since object B's access is controlled via parent (A), community user should be able to see the attachment of B automatically. However that is not the case. I have even tried giving Edit access (as sugested by a few community users) on Object A to see if that works but its doesn't.
What else am I missing here and how can the community user access the attachment. The link works for an admin.
Regards,
Gautam.
5 answers
Hi Gautam,
Community users have Object read access and the attachment not getting download, Whereas Admin can download from the community.
So the problem is not related to the community setting It is related to user access, And access you have given read So if you give read-write access then you are able to download the attachment can you try this?
If so need to have workaround when user click on link share record with write access and once download remove the access by using coding.
Also before this workaround have link like as below in aura cmp
<a href="{!URLFOR($Action.Attachment.Download, '00P0p000000hzjNEAQ')}">Download</a>I am afraid, I cannot change the data model. The attachments are created in Salesforce by a 3rd party system. And also, in my case, a community user will never own a record. A record created by a staff (having access to Salesforce) is being shared with the community user based on a few conditions. The only purpose (as of now) of the community user is to see those records and download a specific file. Yes gautam correct you cannot change the OWD then create custom object to store notes and attachments as suggested in the above explanation also.
ThanksHey Shivam,
thanks for the suggestion. The sharing setting for Object A is Private (for both internal & external users) and Object B's sharing is controlled by A, so object B also inherits Private. For this reason, I created a Sharing Set to allow access to Object A and that is how Community users can see Object A's records.
Cannot change the OWDs for Object A.Hi Gautam,
Sounds like a sharing setting problem. You can change those under setup --> security controls --> sharing settings.
Also make sure to check your community profile under setup --> sites --> (click site label of community) --> public access settings.
The problem was that the custom object was in a Master-Detail relationship with a different one that had sharing set to private. This made the attachments private as well. This would have been easily solved by changing the Master object's sharing model but this was not possible due to business requirements.
Community Users do not have access to attachments for Contacts and Accounts (this is a limitation), you can see that by loading the contact record in the layout after you've logged in as community user.
We've confirmed that OWD would not come into play for community users, thus, even though OWD for account is Public Read Write (Contact - Controlled by Parent), this would not have effect for Community User.
This is a limitation for community users and the workaround is to create a custom object and have it related to Contact and then have the files attached to this custom object instead of Contact. Once the community user has taken ownership of the record and attachment, they will then able to see and open the attachment.
Thanks
