Apex Security Flashcards

1
Q

What are some ways to enforce our declarative security model?

A

Ensuring that the Apex code respects the object-, field-, and record-level security we’ve set up for the user, whether they are running the code directly or indirectly.

2
Q

How can we ensure Apex security for our Visualforce and Lightning components?

A

Using Apex controllers will ensure these apply to these to interact with interfaces.

3
Q

What are the 3 sharing keywords?

A

With sharing enforces record access for the user based on whether they own the record.

Without sharing forces the code to run in system mode.

Inherited sharing is a mix of both, with most access to records depending on the situation.

A table can be found in the note.

4
Q

What are the three main ways to enforce object and field level security?

A
  • WITH SECURITY_ENFORCED SOQL clause
  • stripInaccessible method
  • Classes and methods from the Schema namespace

Listed from easiest to most difficult to implement.

Listed from least to most precise.

5
Q

What is the “WITH SECURITY_ENFORCED” SOQL clause?

A
  • When a query with this clause is executed, the system checks that the user invoking the query has read access to any objects and all fields that are queried.
  • If they don’t have access to a particular object/field, a System.QueryException will be thrown, so we’ll have to implement some error handling to ensure we don’t crash.

TL;DR: the clause raises an exception if the SOQL query tries to access something that is not visible to the user.

it isn’t very useful because users usually need to know

6
Q

What is the stripInaccessible method?

A

It defines two parameters:

  • an AccessType enum (create, read, update, upsert)
  • a list of generic sObjects

Good for field-level security.

Bad for object-level security.

7
Q

What is the Schema namespace?

A
  • Using classes and methods from the Schema namespace is the best option.
  • Each sObject has its own static members that are instances of the DescribeSObjectResult class, and they can invoke whichever operation of the object.
8
Q

Tell me about Apex Managed Sharing

A
  • Apex Managed Sharing is the process of programmatically sharing a record with a user.
  • Each has a main engine as the share object and share objects as system objects created by Salesforce, each separated by standard and custom objects.
9
Q

Each share object has 4 fields that have to be populated. Can you name and describe each one?

A
  • AccessLevel, which can be Read or Edit
  • UserOrGroupId, which takes the record Id of the user or group we’re sharing with
  • ParentId, which holds the Id of the record that we’re sharing
  • RowCause, which holds our reason for sharing the record