Showing posts with the label security

Field Level Security in Apex: WITH SECURITY_ENFORCED vs. Security.stripInaccessible

Every time your users access a Lightning (web) component or a Visualforce page, the Apex code behind it runs in user context. What does that mean? If the class is declared with the with sharing keyword, or inherits with sharing from another class, sharing rules are enforced. In other words, a SOQL query returns only the records that are visible to the current user. And that's great: one security concern less. However, object-level security and field-level security permissions are not respected, so the results of database queries will contain fields that the current user doesn't have access to.

There are 3 different ways to ensure your user will not see what he's not supposed to see:

- WITH SECURITY_ENFORCED clause on SOQL queries
- Security class and its method stripInaccessible
- DescribeFieldResult class and its method isAccessible

Let's inspect them one by one.

Let's get our playground ready

First, we need to get our laboratory rea...

About author

Jan Binder
Experienced Salesforce Technical Architect and Team Lead with a proven track record of delivering successful enterprise projects for major global companies across diverse industries, including automotive, oil & gas, and construction.