Apex code executes in system mode by default, which means it ignores the current user's permissions during code execution. Even if the running user does not have access to an object, the code will still be able to access it. This can be a security risk for database records if the application is not built properly: someone might delete records even though they do not have delete access to the object. This post explains the user mode access level permission, which secures Apex code with user mode operations.
Before we look at the new user mode of operation, let us see what the benefit of running Apex code in user mode is. In user mode, profile-level permissions, field-level security, and sharing rules are applied for the running user. So if we run Apex code in user mode, it respects the user's permissions and record sharing. For example, if the logged-in user does not have access to an object or a record, they will not be able to access that object, and they will get an exception while the code executes.
System Operation and Execution Mode
Many operations run in system mode and many in user mode. Here is a list of operations with their execution mode.

| System Mode | User Mode |
|---|---|
| Apex Class and Trigger | Anonymous Apex |
| Apex Webservices | Chatter in Apex |
| Validation Rule, Auto Response Rule, Assignment Rule, Workflow Rule, Escalation Rule, Rollup Summary | Email Service |
| Approval Process, Publisher Action | Standard Controller |
| Test method without System.runAs() | Test method with System.runAs() |
| Background or Async Jobs | |
| Flow called from Process Builder, Workflow, Custom Button, REST API | Flow |
Secure Code Options
I have observed that in the last few releases Salesforce has been more focused on secure code and has added many secure code execution features. Let us see all the available secure code features and methods.
1. Schema Methods
We can use Schema.DescribeFieldResult to check whether the current user has read, create, or update access to a field.
For example, if we want to check that the logged-in user has read access to the PersonEmail field of the Account object, we can enclose the SOQL query inside an if block that checks for field access using the Schema methods described above.
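The check described above, written out as an added example (this is not code from the original post). Account and PersonEmail are standard Salesforce names (PersonEmail only compiles in an org with Person Accounts enabled); the class and method names are this example's own.

```apex
// Added example, not from the original post: guard a SOQL query on Account.PersonEmail
// with Schema describe checks for the running user. Class/method names are hypothetical.
public with sharing class AccountEmailReader {

    // Returns the PersonEmail values the running user is allowed to read, or an
    // empty list when the user lacks read access to the object or the field.
    public static List<Account> readPersonEmails(Set<Id> accountIds) {
        List<Account> result = new List<Account>();

        // Object-level check: can the running user read Account at all?
        Schema.DescribeSObjectResult accountDescribe = Schema.SObjectType.Account;
        if (!accountDescribe.isAccessible()) {
            return result;
        }

        // Field-level check: does the running user have read access to PersonEmail?
        Schema.DescribeFieldResult emailDescribe = Schema.SObjectType.Account.fields.PersonEmail;
        if (!emailDescribe.isAccessible()) {
            return result;
        }

        // Both checks passed, so the query only returns what the user may see.
        result = [SELECT Id, PersonEmail FROM Account WHERE Id IN :accountIds];
        return result;
    }

    // The same describe result exposes the create and update checks for DML paths.
    public static Boolean canUpdatePersonEmail() {
        Schema.DescribeFieldResult emailDescribe = Schema.SObjectType.Account.fields.PersonEmail;
        return emailDescribe.isUpdateable();
    }
}
```

Note that a describe check protects only the fields you explicitly test; a query that later adds a field needs its own check, which is why the clause-based and user mode options in the following sections scale better.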
2. WITH SECURITY_ENFORCED
The WITH SECURITY_ENFORCED clause can be used in SOQL queries to enforce field- and object-level security permissions.
Field-level permissions are checked for all the fields retrieved in the SELECT clause(s) of the query. Since this clause only works inside a SOQL query, it is only useful when we want to check for read access on a field.
The above query returns the Id, Email, and Name of Accounts, and the LastName of the related Contacts, only if the user has read access to all of these three fields. If the user does not have access to at least one of these fields, the query throws a System.QueryException and no results are returned.
3. stripInaccessible Method
The stripInaccessible method enforces field- and object-level security in Apex. This method strips fields from an sObject list for which the current user does not have permission.
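The difference between the two approaches from the previous sections, WITH SECURITY_ENFORCED (all-or-nothing) and stripInaccessible (drop what the user cannot see), as an added example that is not part of the original post. The selected fields (Name and Phone on Account, LastName on the related Contacts) and the class name are this example's own choices.

```apex
// Added example, not from the original post: WITH SECURITY_ENFORCED versus
// Security.stripInaccessible on the same query. Class/method names are hypothetical.
public with sharing class ContactAccessDemo {

    // WITH SECURITY_ENFORCED is all-or-nothing: if the running user lacks read
    // access to any selected field or object, the query throws
    // System.QueryException and no records are returned.
    public static List<Account> queryEnforced() {
        try {
            return [SELECT Id, Name, Phone,
                           (SELECT Id, LastName FROM Contacts)
                    FROM Account
                    WITH SECURITY_ENFORCED
                    LIMIT 10];
        } catch (System.QueryException e) {
            // Caller sees a clean failure instead of data the user may not read.
            System.debug(LoggingLevel.WARN, 'Query blocked by FLS: ' + e.getMessage());
            return new List<Account>();
        }
    }

    // Security.stripInaccessible is best-effort: the records come back, but
    // fields the user cannot read are removed from them instead of throwing.
    public static List<Account> queryStripped() {
        List<Account> raw = [SELECT Id, Name, Phone,
                                    (SELECT Id, LastName FROM Contacts)
                             FROM Account
                             LIMIT 10];
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, raw);

        // Diagnostics: which fields were removed, keyed by object type.
        Map<String, Set<String>> removed = decision.getRemovedFields();
        for (String objType : removed.keySet()) {
            System.debug(LoggingLevel.INFO, objType + ' stripped: ' + removed.get(objType));
        }
        return (List<Account>) decision.getRecords();
    }

    // The same API guards DML: remove fields the user may not create before insert,
    // so a create-restricted field cannot be populated through this code path.
    public static void insertStripped(List<Contact> contacts) {
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.CREATABLE, contacts);
        insert decision.getRecords();
    }
}
```

Use queryEnforced when a missing permission should stop the operation, and queryStripped when a partial view is acceptable (for example, a list page that should simply hide columns the user cannot read).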
New Secure User Mode Operation:
4. User Mode Operation in SOQL
With the new user mode database operation, we can now specify user mode in a SOQL query. If the user does not have CRUD access to the object, the query throws an error.
Suppose we have a Vendor object (Vendor__c) and the user has no CRUD access to it. When we run the below SOQL without user mode, it executes without any error.
When we execute the same SOQL with the user mode operation, it throws an error. We get a QueryException:
System.QueryException: sObject type 'Vendor__c' is not supported. If you are attempting to use a custom object, be sure to append the '__c' after the entity name. Please reference your WSDL or the describe call for the appropriate names.
How to use User Mode Operation in Static Query:
How to use User Mode Operation in Dynamic Query:
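The static and dynamic forms of user mode on the Vendor__c object from the post, together with user mode DML, as an added example that is not code from the original post. Vendor__c is assumed to exist in the org with a Name field; the class and method names are hypothetical.

```apex
// Added example, not from the original post: user mode for static SOQL, dynamic
// SOQL and DML on the Vendor__c object. Class/method names are hypothetical.
public class VendorUserModeDemo {

    // Static SOQL: WITH USER_MODE enforces object CRUD, field-level security and
    // sharing for the running user. Without the clause, this query in an Apex class
    // runs in system mode and succeeds even for a user with no access to Vendor__c.
    public static List<Vendor__c> readVendorsStatic() {
        return [SELECT Id, Name FROM Vendor__c WITH USER_MODE LIMIT 50];
    }

    // Dynamic SOQL: AccessLevel.USER_MODE replaces the clause. queryWithBinds keeps
    // the filter as a bind variable rather than concatenating it into the query.
    public static List<Vendor__c> readVendorsDynamic(String namePrefix) {
        String soql = 'SELECT Id, Name FROM Vendor__c WHERE Name LIKE :namePrefix';
        Map<String, Object> binds = new Map<String, Object>{ 'namePrefix' => namePrefix + '%' };
        return (List<Vendor__c>) Database.queryWithBinds(soql, binds, AccessLevel.USER_MODE);
    }

    // DML in user mode: create/delete permission is checked for the running user.
    // With allOrNone = false, failures come back as results instead of exceptions.
    public static Database.SaveResult[] createVendors(List<Vendor__c> vendors) {
        return Database.insert(vendors, false, AccessLevel.USER_MODE);
    }

    public static Database.DeleteResult[] removeVendors(List<Vendor__c> vendors) {
        return Database.delete(vendors, false, AccessLevel.USER_MODE);
    }

    // Caller pattern: a user without access gets the QueryException quoted above
    // rather than records read with elevated rights.
    public static Boolean tryReadVendors() {
        try {
            readVendorsStatic();
            return true;
        } catch (System.QueryException e) {
            System.debug(LoggingLevel.WARN, 'User mode query failed: ' + e.getMessage());
            return false;
        }
    }
}
```

The class deliberately omits with sharing: in user mode the database operation itself applies the running user's sharing, so the access decision no longer depends on a keyword that a later edit to the class could drop.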
Benefit Of User Mode Operation:
Now users have restricted access: without CRUD permission they cannot perform the operation. This helps prevent loss of data. It also helps reduce incorrect data, which users were previously saving with elevated permissions.
Salesforce provides different ways to secure your code; fully utilize these practices to make your Salesforce org secure.
- Schema Methods – identify whether the current user has CRUD access to a field.
- WITH SECURITY_ENFORCED – SOQL clause that enforces field- and object-level security permissions. Can be used in SOQL only.
- stripInaccessible – method that enforces field- and object-level security in Apex. It strips the fields to which the user does not have access.
- User Mode – runs queries with the current user's permissions.