
    Secure Apex Code with User Mode Operation

    By Dhanik Lal Sahni | December 29, 2022 | Updated: December 29, 2022

    Apex code executes in system mode by default, which means it ignores the current user's permissions during execution. As a result, even if the running user does not have access to an object, the code can still access it. This can be a security risk for database records if the application is not built properly: someone might delete records even without delete access to the object. This post explains the user mode access level, which secures Apex code by running database operations in user mode.

    Before looking at the new user mode operation, let us see the benefit of running Apex code in user mode. In user mode, profile-level permissions, field-level security, and sharing rules are applied for the running user, so the code respects the user's permissions and record sharing. For example, if the logged-in user does not have access to an object or a record, they will not be able to access it and will get an exception while the code executes.

    System Operation and Execution Mode

    Some operations run in system mode and others in user mode. Here is a list of operations with their execution mode.

    | System Mode | User Mode |
    | --- | --- |
    | Apex Class and Trigger | Anonymous Apex |
    | Apex Webservices | Chatter in Apex |
    | Validation Rule, Auto Response Rule, Assignment Rule, Workflow Rule, Escalation Rule, Rollup Summary | Email Service |
    | Approval Process, Publisher Action | Standard Controller |
    | Test method without System.runAs() | Test method with System.runAs() |
    | Background or Async Jobs | |
    | Flow called from Process Builder, Workflow, Custom Button, REST API | Flow |

    Secure Code Options

    Over the last few releases, I have observed that Salesforce has focused more on secure code and added many secure code execution features. Let us look at the available secure code features and methods.

    1. Schema Methods

    We can use Schema.DescribeFieldResult to check whether the current user has read, create, or update access for a field.

    For example, to check that the logged-in user has read access to the PersonEmail field of the Account object, we can enclose the SOQL query inside an if block that checks for field access using the Schema methods described above.

    2. WITH SECURITY_ENFORCED

    The WITH SECURITY_ENFORCED clause can be used in SOQL queries to enforce field- and object-level security permissions.

    Field-level permissions are checked for all the fields that are retrieved in the SELECT clause(s) of the query. Since this clause only works inside a SOQL query, it’s only useful when we want to check for read access on a field.

    The above query will return the Id, Email, and Name of Accounts, and the LastName of the related contacts, only if the user has read access to all of these three fields. If the user doesn’t have access to at least one of these fields, the query throws a System.QueryException exception and no results are returned.

    3. stripInaccessible

    The stripInaccessible method enforces field- and object-level security in Apex. It strips from an sObject list the fields for which the current user does not have permission.
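
    The three options above applied to the same Account read, as an added example that is not the original post's code. It assumes Person Accounts are enabled so that PersonEmail exists on Account; the class and method names are hypothetical.

```apex
// Added example (not from the original post). Assumes Person Accounts are
// enabled; AccountReadDemo and its method names are hypothetical.
public with sharing class AccountReadDemo {

    // 1. Schema methods: check field access explicitly, then query.
    public static List<Account> withSchemaCheck() {
        if (Schema.sObjectType.Account.fields.PersonEmail.isAccessible()) {
            return [SELECT Id, Name, PersonEmail FROM Account LIMIT 50];
        }
        // No read access: return nothing instead of data the user cannot see.
        return new List<Account>();
    }

    // 2. WITH SECURITY_ENFORCED: the query throws System.QueryException if any
    //    selected field or object is not readable by the running user.
    public static List<Account> withSecurityEnforced() {
        try {
            return [SELECT Id, Name, PersonEmail, (SELECT LastName FROM Contacts)
                    FROM Account WITH SECURITY_ENFORCED LIMIT 50];
        } catch (System.QueryException e) {
            System.debug(LoggingLevel.WARN, 'Read blocked: ' + e.getMessage());
            return new List<Account>();
        }
    }

    // 3. stripInaccessible: query in system mode, then remove the fields the
    //    user cannot read before the records leave this method.
    public static List<Account> withStripInaccessible() {
        List<Account> raw = [SELECT Id, Name, PersonEmail FROM Account LIMIT 50];
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, raw);
        // Map of object name to the field names that were stripped.
        System.debug('Removed fields: ' + decision.getRemovedFields());
        return (List<Account>) decision.getRecords();
    }
}
```

    The behavioural difference is the point: option 1 skips the query, option 2 fails the whole query, and option 3 returns the records with the unreadable fields removed.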

    New Secure User Mode Operation:

    4. User Mode Operation in SOQL

    With the new User Mode database operation, we can now specify user mode in a SOQL query. If the user does not have CRUD access to the object, the query throws an error.

    Suppose we have a Vendor object and the user has no CRUD access to it. When we run the below SOQL without user mode, it executes without any error.

    When we execute the same SOQL with the User Mode operation, it throws an error.

    We will get a QueryException:

    System.QueryException: sObject type 'Vendor__c' is not supported. If you are attempting to use a custom object, be sure to append the '__c' after the entity name. Please reference your WSDL or the describe call for the appropriate names.

    How to use User Mode Operation in Static Query:

    How to use User Mode Operation in Dynamic Query:

    Search Query
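
    The static, dynamic and search forms named in the headings above, plus the DML equivalent, as an added example that is not the original post's code. Vendor__c is the object from the post; the use of its Name field and the class and method names are assumptions.

```apex
// Added example (not from the original post). Vendor__c is the custom object
// named in the post; VendorUserModeDemo and its methods are hypothetical.
public with sharing class VendorUserModeDemo {

    // Static SOQL: WITH USER_MODE applies the running user's object
    // permissions, field-level security and sharing rules.
    public static List<Vendor__c> staticQuery() {
        return [SELECT Id, Name FROM Vendor__c WITH USER_MODE LIMIT 50];
    }

    // Dynamic SOQL: pass the access level as the second argument.
    public static List<SObject> dynamicQuery() {
        String soql = 'SELECT Id, Name FROM Vendor__c LIMIT 50';
        return Database.query(soql, AccessLevel.USER_MODE);
    }

    // SOSL: Search.query accepts the same access-level argument.
    public static List<List<SObject>> searchQuery(String term) {
        String sosl = 'FIND \'' + String.escapeSingleQuotes(term)
                    + '\' IN ALL FIELDS RETURNING Vendor__c(Id, Name)';
        return Search.query(sosl, AccessLevel.USER_MODE);
    }

    // Caller-side handling: treat the exception as an authorization failure,
    // log the message and any fields reported as inaccessible, return nothing.
    public static List<Vendor__c> safeRead() {
        try {
            return staticQuery();
        } catch (System.QueryException e) {
            System.debug(LoggingLevel.WARN, 'Denied: ' + e.getMessage()
                + ' fields=' + e.getInaccessibleFields());
            return new List<Vendor__c>();
        }
    }

    // DML has the same switch: "insert as user" (or Database.insert with
    // AccessLevel.USER_MODE) fails if the user lacks create access.
    public static void createVendor(String vendorName) {
        Vendor__c v = new Vendor__c(Name = vendorName);
        insert as user v;
    }
}
```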

    Benefit Of User Mode Operation:

    Users now have restricted access: without CRUD permission they cannot perform any operation. This helps prevent loss of data. It also helps reduce incorrect data, since users were previously saving with elevated permission.

    Summary:

    Salesforce provides different ways to secure your code; make full use of these practices to keep your Salesforce org secure.

    1. Schema Methods – These identify whether the user has CRUD access to a field.
    2. WITH SECURITY_ENFORCED – Used in SOQL queries to enforce field- and object-level security permissions. Can be used in SOQL only.
    3. stripInaccessible – This method enforces field- and object-level security in Apex. It strips the fields to which the user does not have access.
    4. User Mode – This helps us run queries with the current user's permissions.
