The requested resource does not exist [error] in Salesforce. What is wrong with Salesforce?
Solution 1
Based on your error description and screenshot, I assume that you're doing it through programetically ( Apex, Python, Java...) and there is no time delay between your first request(extraction of data, /Query?q=) , response and the second request (details of the record based on ID, /sobjects/ObjectPermissions/{id})
- The records with '000' can be idntified as EmptyKeys in Salesforce and generally refers to null relationship values.
Contact is the lookup field on Opportunity and below queries will return the same count.
SELECT count() FROM opportunity WHERE contactId = null
SELECT count() FROM Opportunity WHERE contactId = '000000000000000AAA'
- In reference to the records in Object permission (starting with '000'), is little different from Empty keys and breakdown of the ids can be found in the blog
Mystery Behind The Salesforce Key Prefix '000'
- In the above scenario, we can't filter out these objects in Metadata API query, however we can filter the records before sending out the second request in APEX code.
Set responseIds - Response record Ids returned from First Request and process the Ids to filter out '000' Ids for second request.
String prefix = Schema.SobjectType.ObjectPermissions.getKeyPrefix();
for(String str : responseIds){
if(!str.subString(0,3).contains(prefix)){
responseIds.remove(str);
}
}
- RecentlyViewed object is not to be used directly. The IDs in this object are not ID belonging to the recentlyViewed Object, instead they are actual record ID's. So if you intend to access the records from this object, you need to fetch the Ids from recentlyviewed Object then decode the keyprefix to get the proper sObject Name then use it this manner /sobjects/{decodedSobjectName}/{ID}
Or alternatively you can use /services/data/v48.0/recent (refer Salesforce documentation for details)
https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/resources_recent_items.htm
-
Although we have separate object for each standard picklist, they all share same keyprefix/objectType. The following code will remove all the request which are directed towards picklist objects (Taskstatus, Casestatus, solution status...)
for(Id str : responseIds){ if(Id.getsobjecttype() == 'Picklistmaster'){ responseIds.remove(str); } }
-
As for Loginhistory, the records later than 6 months will be deleted internally by salesforce. So if you run the 2 request (Query request, later data request) and if this 2 request happens to lie between the Salesforce maintenance window, then during your second request the id referred is already deleted from the org, hence the error. And make sure you have Manage Users permissions.
Solution 2
TL;DR - I wouldn't worry about these.
-
That Id looks fake. There's no proper object that has
000
key prefix. (there are lots of blog posts about "known key prefixes" on the net but pay attention to the timestamps, new objects are added with pretty much every release so content can get outdated).ObjectPermissions
should be prefixed with110
.Id i = '000000003guy001AAA'; System.debug(i.getSobjectType()); // System.SObjectException: Cannot locate Apex Type for ID: 000000003guy001AAA
Daniel Ballinger's blog post is ancient but great compilation: http://www.fishofprey.com/2011/09/obscure-salesforce-object-key-prefixes.html. He does list an entry for key "000" and it points to his another post: http://www.fishofprey.com/2011/06/salesforce-empty-key-id.html
-
The tables you have listed are real tables "but" most of them are for internal housekeeping, they're "picklists on steroids".
CaseStatus
deserves it's own table because changing status has side effects of marking case closed.PartnerRole
is special because it includes reverse partner roles for bidirectional mapping. You can't really grant Read/Create/Edit/Delete rights to these, at least not with whatObjectPermissions
is about. This would be checkboxes on Profile / Permission Set but most of them would be covered by "Configure Application".Do you have same issue with
OpportunityStage
orCampaignMemberStatus
? -
LoginHistory
isn't a picklist but probably protected by "Manage Users",EntityDefinition
hm... probably "View Setup and Configuration". -
My gut feel is SF includes these entries for completeness but they are blank if the parent profile / permission is special. Permissions can be always enabled (System Administrators, any other profile with "Modify all data" & "Author Apex" probably too) or always disabled (blocked by license for example). By block I mean situations like customer community license - there's no way you can grant access to Opportunity or Lead - the checkboxes simply aren't there. Similar with Platform User (access to 10 custom objects only), Chatter Plus license (or whatever is the correct name). So if there's no way to change it - why bother giving it a real id.
What do you get when you run this?
SELECT Id, SobjectType, Parent.Profile.Name, PermissionsRead FROM ObjectPermissions ORDER BY Id
Yes, it's bit weak explanation but remember that ObjectPermissions and FieldPermissions are still relatively new. The one source of truth is viewing Profiles as XML (metadata API) or running "describe" calls (Apex, SOAP API, REST API - only for current user). FieldPermissions doesn't have entries for all fields on the object (Id, CreatedById, SystemModstamp...) and nobody complains. These queryable objects are a shortcut but they have limitations.
Related videos on Youtube
Pavlo Mykhailyshyn
Updated on May 25, 2022Comments
-
Pavlo Mykhailyshyn almost 2 years
I execute a SOQL request to get all available record ids of the SObject 'ObjectPermissions'. Then I use the request to
GET /services/data/v48.0/sobjects/ObjectPermissions/{id}
to fetch all the necessary info for a specific record. As you can see in the first picture, I received a response with a total of 960 records. The problem is that for 285 entries I can’t get the information. Here is an example of the answer I received for one of 285: I highlighted the identifier of this record. Maybe this id is wrong.I observe the same with the following SObjects:
TaskStatus
TaskPriority
SolutionStatus
PartnerRole
OrderStatus
FlowDefinitionView
FieldSecurityClassification EntityDefinition
ContractStatus
CaseStatusI can observe the same behavior on different Salesforce organizations with regular objects (for example, Event, Task, and LoginHistory). But this behavior is not always reproducible in every organization.
Is Salesforce doing something wrong or I do not understand something?
-
Pavlo Mykhailyshyn over 3 yearsI`ll try to answer your questions 1. This is definitely not a connection problem. I can reproduce this behavior using postman and my custom script. 2. My System Administrator profile has 'Read Access' to all fields of each sobject. 3. Is this what I need to check in the user profile? Because I cannot find a field there that corresponds to 'full sharing access'.
-
Pavlo Mykhailyshyn over 3 years"What do you get when you run this?" I got the same answer you posted above. "That Id looks fake. There's no proper object that has 000 key prefix." You mean that every single record starting with the 000 key prefix is a reference and should be skipped. I'm right? I am using the developer edition with a sysadmin profile and the "ModifyAllData" checkbox is checked. How about the following records? FieldSecurityClassification/01J1v00000ZvcxnEAB LoginHistory/0Ya1v00005xdN8cCAE PermissionSetTabSetting/01P0Y00004NE7YQUA1 RecentlyViewed/0010Y00000dLzyvQAC I got the same error for them too.
-
eyescream over 3 yearsSame, skip them. These tables aren't really "permissionable", end users can't see & edit records in them. Some internal SF reason why they have rows for them at all.
FieldSecurityClassification
you don't edit as records, it's something that shows when you edit a field in Setup and it lets you put PII, HIPAA etc stuff.RecentlyViewed
is a helper table that contains mini view/small copies of records from different tables - again, you can't really edit anything in it, you'd edit the original Accounts etc. Even if your goal is to make backup of whole system - you can't write (restore) these. -
Pavlo Mykhailyshyn over 3 yearsIs it possible to filter out such sobjects? (If so, how can I handle this?) Can I find some useful information from a request to GET /services/data/v48.0/sobjects/{name}/describe to be able to differentiate some internal sobjects (system, crappy, etc. I don't know how to name them correctly)?
-
eyescream over 3 years
SELECT QualifiedApiName, IsEverCreatable FROM EntityDefinition WHERE IsEverCreatable = false
might be a good start, check if it comes close to your list and experiment with stuff from developer.salesforce.com/docs/atlas.en-us.api_tooling.meta/… ?IsFlsEnabled = false
? It can be normal query, doesn't need Tooling API. Won't help if there are profile- or record- specific fails though (like you mentioned Event, that was particular record? Maybe it's set to private or deleted in meantime)