Getting Started with Salesforce Flow – Part 42 (Running a Flow in System Mode)

Getting Started with Salesforce Flow – Part 42 (Running a Flow in System Mode)

Last Updated on January 20, 2021 by Rakesh Gupta

Big Idea or Enduring Question:

How do you run a Lightning Flow in system mode? 

Objectives:

This blog post will help us to understand the following

  • Difference between user mode vs system mode? 
  • How to create a flow that runs in the system mode

Business Use case

Vigne Kozacek is working as a System Administrator at Universal Containers (UC). They normally grant read access to account records to account team members. He received a requirement to develop an application that will allow all users to add Chatter followers to the account record without editing it. (It should also work in case if they have only read access to the account record.)

Automation Champion Approach (I-do):

In this article Getting Started with Process Builder – Part 20 (Add Chatter Followers to Record), we had discussed a way to auto-add Chatter followers to an account record using Process Builder. But it will only work for System Administrators or users with the Edit permission on the Account object. There are few business scenarios where a business wants to implement this for all users so that anyone can add followers without editing the account record. Let’s start working through the solution for the business use case.

We will use Flow and Process Builder because it runs in system mode. Before proceeding ahead, you have to understand User mode and System mode in Salesforce. 

  • System mode: In which the object and field-level permissions of the current user are ignored. 
  • User mode: In which the permissions, field-level security, and sharing rules of the current user are enforced.

A few points to remember

  • By default, Screen Flow runs in user mode.
    • But Salesforce provides an ability to runs it in system mode.
  • Record-Trigged Flow always runs in system mode.
  • Scheduled-Trigged Flow always runs in system mode.
  • Process Builder runs in system mode.
  • When you launch a Flow using the Process Builder, then it will run in system mode.

Before discussing the solution, let me show you a diagram of a Process Flow at a high level. Please spend a few minutes to go through the following Flow diagram and understand it.

Let’s begin building this automation process.

Guided Practice (We-do):

There are 5 steps to solve Vigne’s business requirement using Lightning Flow. We must: 

  1. Define flow properties for screen flow
  2. Create a text variable 
  3. Create a screen to capture the user data
    1. Add a screen element
    2. Add a Lookup component 
    3. Add a create records element
  4. Setup the flow runtime mode 
  5. Create a quick action 

Step 1: Define Flow Properties

  1. Click Setup.
  2. In the Quick Find box, type Flows.
  3. Select Flows then click on the New Flow.
  4. Select the Screen Flow option and click on Next and configure the flow as follows: 
    1. How do you want to start building: Freeform
  5. It will open the flow designer for you.

Step 2: Create a Text Variable 

Want the quick action to send the record’s ID to your flow? Create a variable like below and the rest Salesforce will handle for you. 

  1. Under Toolbox, select Manager. Click on the New Resource
  2. Input the following information:
    1. Resource Type: Variable
    2. API Name: recordId
    3. Data Type: Text
    4. Default Value: {!$GlobalConstant.EmptyString}
    5. Check Available for Input
    6. Check Available for Output
  3. Click Done

Step 3.1: Add a Screen Element 

  1. Under Toolbox, select Elements. Drag and drop Screen onto the canvas. 
  2. Input the following information:
    1. Enter Label the API Name will auto-populate.
  3. Click Done

Step 3.2: Add a Lookup Component to capture the user data whom they want to make a follower of the record

  1. Under Input section on Screen Element. Drag and drop Lookup onto the screen. 
  2. Input the following information:
    1. Enter API Name.
    2. Field API Name: CreatedById (Enter the field API Name that will show up in the list box to represent a record.)
    3. Label: Select a Follower (Enter a label that appears next to the lookup control)
    4. Object API Name: Account ( Enter the object API name) 
    5. Required: {!$GlobalConstant.True}
  3. Click Done.

Step 3.3: Add a Create Records Element to add followers into the Record 

  1. Under Toolbox, select Elements. Drag and drop Create Records onto the canvas. 
  2. Input the following information:
    1. Enter Label the API Name will auto-populate.
    2. How Many Records to Create: One
    3. How to Set the Record Fields: Use separate resources, and literal values
    4. Object: Entity Subscription
    5. Set Field Values for the Entity Subscription
    6. Row 1:
      1. Field: ParentId
      2. Value: {!recordId}
    7. Click Add Row
    8. Row 2:
      1. Field: SubscriberId
      2. Value: {!Select_a_Follower.recordId} (RecordId from screen component lookup field added in the step 3.2)
  3. Click Done.

Step 4: Setup the Flow Runtime Mode

For a flow running in the user context, the running user’s profile and permission sets determine the object permissions and field-level access of the flow. When a flow attempts to create, read, edit, or delete Salesforce data, it enforces the running user’s permissions and field-level access. For example, if the running user doesn’t have the edit permission for the Account object, and the flow attempts to update account records, an error occurs. If the running user doesn’t have permission to edit the Rating field on the Account object, and the flow attempts to update that field, an error occurs.

You can set a flow version to always run in the system context, overriding the context it normally runs in. If you choose system context with sharing, the flow respects org-wide default settings, role hierarchies, sharing rules, manual sharing, teams, and territories. But it doesn’t respect object permissions, field-level access, or other permissions of the running user.

  1. Connect the elements. It will look like the image below.
  2. Click Save.
  3. Enter Flow Label the API Name will auto-populate.
  4. Click Show Advanced.
  5. How to Run the Flow: System Context Without Sharing-Access All Data
  6. Type: Screen Flow
  7. API Version for Running the Flow: 50
  8. Interview Label: Add details to Account object {!$Flow.CurrentDateTime}
  9. Click Save

Almost there! Once everything looks good, click the Activate button.

Step 5: Create a Quick Action – Add Follower 

The next step is to create a quick action (Add Follower) on the Account object to call the Flow and add it to the page layout. 

  1. Click Setup.
  2. In the Object Manager, type Account.
  3. Select Buttons, Links, and Action, then click New Action.
  4. Input the following information:
    1. Select Flow as Action Type.
    2. Select Add Follower to Record as Flow.
    3. Enter Label the Name will auto-populate.
  5. Click Save.

Make sure to add the above quick action on the page layout. 

Proof of Concept

In this demo, I am going to use Adam Smith’s account (Profile assigned – Standard Read-Only). 

 The next step is to click on the Add Follower button and follow the instructions available on the Flow screen.

Finally, check out the Follower section available on the record detail page.

Formative Assessment:

I want to hear from you!  

What is one thing you learned from this post? How do you envision applying this new knowledge in the real world? 

Let me know by Tweeting me at @automationchamp, or find me on LinkedIn.

Have feedback, suggestions for posts, or need more information about Salesforce online training offered by me? Say hello, and leave a message!

5 thoughts on “Getting Started with Salesforce Flow – Part 42 (Running a Flow in System Mode)

  1. Hi Rakesh,

    In the above given scenario when I switch to user with the Read only profile I am not able to see Quick action for the flow on the Account object.I can see it as a system admin.Is there some setting adjustment needed in read only profile?

    Thanks.

  2. Unfortunately, I found the processbuilder and the flow called by the process builder all run under the context and permission of the user triggering the action (not some systemuser context). Maybe this has changed since this post was made? I could really use this feature.

    1. Interesting 😮

      Make sure that Filter Inaccessible Fields from Flow Requests (When creating or updating records, the flow can use sObject variables to define the field values. If the running user doesn’t have edit access to those fields, by default the flow fails to create or update the records. This setting filters the inaccessible fields from the request for Fast Create and Fast Update elements.) is not selected under Process Automation Settings

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.