Every time your users access Lightning (web) component or Visualforce page the background Apex code is being run in user context. What does it mean? If there's with sharing keyword on your class definition or you are inheriting with sharing from another class, sharing rules are enforced. In other words SOQL query will return only records, that are visible for current user. And that's great, this is one security concern less. However object level security and field level security permissions are not respected , therefore results of database queries will contain fields, that current user doesn't have access to. There are 3 different ways, how to ensure your user will not see, what he's not supposed to see. WITH SECURITY_ENFORCED clause on SOQL queries Security class and its method stripInaccessible DescribeFieldResult class and its method isAccessible Let's inspect them one by one. Let's get our playground ready First, we need to get our laboratory rea
Solutions, implementation tips, benchmarks and news from the world of Salesforce especially focused on technical side of things.
