Anyone know how to dynamically grab the current user's permission to access a given custom record? This is what I've tried, but it always seems to return FULL permission:

//Get User Permissions
			var objUser = runtime.getCurrentUser();
			//Get the environment internal ID for the custom record in the environment
			var objCustomRecord = record.create({
				type: 'customrecord_test'
			});
			var stCustomRecordTypeId = objCustomRecord.getValue({fieldId: 'rectype'});
			var stPaymentRecordPermission = objUser.getPermission({
				name: 'LIST_CUSTRECORDENTRY' + stCustomRecordTypeId
			});
			var stSublistPermission = stPaymentRecordPermission <= 1 ? serverWidget.FieldDisplayType.INLINE : serverWidget.FieldDisplayType.ENTRY;
			log.debug('DEBUG', 'User: ' + JSON.stringify(objUser));
			log.debug('DEBUG', 'Permission Level for LIST_CUSTRECORDENTRY' + stCustomRecordTypeId + ':' + stPaymentRecordPermission);

that looks like a partial solution

It's in the before load UE that executes as admin, so it shouldn't fail to execute that record.create

thats also probably why you have full permission as an admin

Yeah, you're probably right. Just weird because the user I'm returning still has the user's role listed, not admin. I guess that's just how the apis work. Thanks for your help.

run it using the current user's permissions

Yeah was trying to get the best of both worlds, but it appears no dice

if you are desperate, the hard way is to do a role search

That did the trick! Gross, but it works! Thanks for your help!

//Get User Permissions
			var objUser = runtime.getCurrentUser();
			log.debug('DEBUG', 'User: ' + JSON.stringify(objUser));
			//Get the environment internal ID for the custom record in the environment
			var objRecord = record.create({
				type: 'customrecord_test'
			});
			var stCustomRecordTypeId = 'LIST_CUSTRECORDENTRY' + objRecord.getValue({fieldId: 'rectype'});
			log.debug('DEBUG', 'Custom Record Permission Desired: ' + stCustomRecordTypeId);
			var arrFilters = [];
			arrFilters.push(search.createFilter({name: 'internalid', operator: 'anyof', values: [objUser.role]}));
			arrFilters.push(search.createFilter({name: 'permission', operator: 'anyof', values: [stCustomRecordTypeId]}));
			log.debug('DEBUG', 'Custom Record Permission Filters: ' + JSON.stringify(arrFilters));
			var arrPermissionSearchResults = commonUtil.search('role', null, arrFilters, ['permission','level']);
			var stSublistType = serverWidget.SublistType.LIST;
			var stSublistPermission = serverWidget.FieldDisplayType.INLINE;
			log.debug('DEBUG', 'Custom Record Permission Results: ' + JSON.stringify(arrPermissionSearchResults));
			for(var intPermissionIndex = 0; intPermissionIndex < arrPermissionSearchResults.length; intPermissionIndex++)
			{
				var stPaymentRecordPermissionLevel = arrPermissionSearchResults[intPermissionIndex].getValue({name: 'level'});
				log.debug('DEBUG', 'Permission Level for ' + stCustomRecordTypeId + ':' + stPaymentRecordPermissionLevel);
				if(stPaymentRecordPermissionLevel > 1)
				{
					stSublistType = serverWidget.SublistType.INLINEEDITOR;
					stSublistPermission = serverWidget.FieldDisplayType.ENTRY;
					log.debug('DEBUG', 'Permission Granted!');
				}
				break;
			}

depends on how generic your solution needs to be