Apex Security Flashcards
What are some ways to enforce our declarative security model?
Ensuring that Apex code respects the object-, field-, and record-level security we’ve set up for the user, whether they run the code directly or indirectly.
How can we ensure Apex security for our Visualforce and Lightning components?
Using Apex controllers ensures that these security rules apply to the components that interact with interfaces.
What are the 3 sharing keywords?
With sharing enforces record access for the user, based on whether they own the record.
Without sharing forces the code to run in system mode.
Inherited sharing is a mix of both, with most access to records depending on the situation.
A table can be found in the note.
What are the three main ways to enforce object and field level security?
- WITH SECURITY_ENFORCED SOQL clause
- stripInaccessible Method
- classes and methods from the Schema namespace
Listed from easiest to most difficult to implement, and from least to most precise.
What is the “WITH SECURITY_ENFORCED” SOQL clause?
- When a query with this clause is executed, the system checks that the user invoking the query has read access to any objects and all fields that are queried
- If they don’t have access to a particular object/field, a System.QueryException will be thrown - so we’ll have to implement some error handling to ensure we don’t crash
TL;DR: the clause raises an exception if the SOQL query tries to access something that is not visible to the user.
it isn’t very useful because users usually need to know
What is the stripInaccessible method?
It defines two parameters:
- an AccessType enum (create, read, update, upsert)
- a list of generic sObjects
Good for field-level security
Bad for object-level security
What is the Schema namespace?
- Using the classes and methods of the Schema namespace is the best option.
- Each sObject has its own static member that is an instance of the DescribeSObjectResult class, and it can invoke any operation of the object.
Tell me about Apex Managed Sharing
- Apex Managed Sharing is the process of programmatically sharing a record with a user.
- Its main engine is the share object. Share objects are system objects created by Salesforce, with separate ones for standard and custom objects.
Each share object has 4 fields that have to be populated. Can you name and describe each one?
- AccessLevel, which can be Read or Edit
- UserOrGroupId, which takes the record Id of the user or group we’re sharing with
- ParentId, which holds the Id of the record that we’re sharing
- RowCause, which holds our reason for sharing the record