Saturday, December 29, 2018

How to Enforce Field-Level Security Permissions for SOQL Queries?


This post explains how to enforce field-level security permissions for SOQL queries.
Salesforce is introducing this feature in the Spring '19 release; at the time of writing this post, the feature is in Beta.
Use the WITH SECURITY_ENFORCED clause to enable checking for the field- and object-level security permissions on SOQL SELECT queries, including subqueries and cross-object relationships. Although performing these checks was possible in earlier releases, this clause substantially reduces the verbosity and technical complexity in query operations.

How It Works

If fields or objects referenced in the SELECT clause using WITH SECURITY_ENFORCED are inaccessible to the user, an exception is thrown, and no data is returned.

Example: 1
SELECT Id, Name, StageName, CloseDate FROM Opportunity WITH SECURITY_ENFORCED
If the StageName field is inaccessible to the user, the query throws an insufficient permissions exception and no data is returned.

Example: 2
SELECT Id, (SELECT FirstName, LastName FROM Contacts), (SELECT Description, StageName, CloseDate FROM Opportunities) 
       FROM Account WITH SECURITY_ENFORCED
If the FirstName or StageName field is inaccessible to the user, the query throws an insufficient permissions exception and no data is returned.
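
The following Apex sketch is an added example, not code from the original post or from Salesforce. It puts the describe-based checks that earlier releases required next to the same query using WITH SECURITY_ENFORCED, and shows the exception being handled. The class, method and exception names are hypothetical.

```apex
// Added example: OpportunityReader, FieldAccessException and both method
// names are hypothetical and exist only for illustration.
public with sharing class OpportunityReader {

    public class FieldAccessException extends Exception {}

    // Earlier approach: check the object and every selected field with
    // describe calls before running the query.
    public static List<Opportunity> readWithDescribeChecks() {
        if (!Schema.sObjectType.Opportunity.isAccessible()) {
            throw new FieldAccessException('Opportunity is not accessible');
        }
        List<Schema.DescribeFieldResult> fields =
            new List<Schema.DescribeFieldResult>{
                Schema.sObjectType.Opportunity.fields.Name,
                Schema.sObjectType.Opportunity.fields.StageName,
                Schema.sObjectType.Opportunity.fields.CloseDate
            };
        for (Schema.DescribeFieldResult f : fields) {
            if (!f.isAccessible()) {
                throw new FieldAccessException(f.getName() + ' is not accessible');
            }
        }
        return [SELECT Id, Name, StageName, CloseDate FROM Opportunity];
    }

    // With the clause: the platform performs the object- and field-level
    // checks itself and throws System.QueryException if any of them fails.
    public static List<Opportunity> readEnforced() {
        try {
            return [SELECT Id, Name, StageName, CloseDate
                    FROM Opportunity
                    WITH SECURITY_ENFORCED];
        } catch (System.QueryException e) {
            // No rows are returned when access is denied; log the reason and
            // surface a single error type to the caller.
            System.debug(LoggingLevel.WARN, 'Query blocked: ' + e.getMessage());
            throw new FieldAccessException('Insufficient permissions for Opportunity query');
        }
    }
}
```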

Resource
http://releasenotes.docs.salesforce.com/en-us/spring19/release-notes/rn_apex_select_with_security_enforced.htm
