Newer Version Available

This content describes an older version of this product. View Latest

Security Class (Pilot)

Contains methods to securely implement Apex applications.

This pilot feature is available automatically in sandbox, developer, and scratch organizations as a pilot program. The functionality of this feature is subject to change, and is not available for production organizations while in pilot. Pilot programs are subject to change, and we can’t guarantee acceptance. This feature isn’t generally available unless or until Salesforce announces its general availability in documentation or in press releases or public statements. We can’t guarantee general availability within any particular time frame or at all. Make your purchase decisions only on the basis of generally available products and features. You can provide feedback and suggestions for this feature in the Security.stripInaccessible group in the IdeaExchange.

Note

Namespace

System

Usage

In the context of the current user’s create, read, or update operation, use the methods to:
  • Strip fields that aren’t visible from query results
  • Remove inaccessible fields before a DML operation without causing an exception
  • Sanitize sObjects that have been deserialized from an untrusted source

Security Methods

The following are methods for Security.

stripInaccessible(accessCheckType, sourceRecords, enforceRootObjectCRUD)

Creates a list of sObjects from the source records, which are stripped of fields that fail the field-level security checks for the current user. The method also provides an option to enforce an object-level access check.

Signature

public static System.SObjectAccessDecision stripInaccessible(System.AccessType accessCheckType, List<SObject> sourceRecords, Boolean enforceRootObjectCRUD)

Parameters

accessCheckType
Type: System.AccessType
Uses values from the AccessType enum. This parameter determines the type of field-level access check to be performed. To check the current user's field-level access, use the Schema.DescribeFieldResult methods —isCreatable(), isAccessible(), or isUpdatable().
sourceRecords
Type: List<SObject>
A list of sObjects to be checked for fields that aren’t accessible in the context of the current user’s operation.
enforceRootObjectCRUD
Type: Boolean
Indicates whether an object-level access check is performed. If this parameter is set to true and the access check fails, the method throws an exception. The default value of this optional parameter is true.

Return Value

Type: System.SObjectAccessDecision

Example

In this example, the user doesn’t have permission to create the Probability field of an Opportunity.

1List<Opportunity> opportunities = new List<Opportunity>{
2    new Opportunity(Name='Opportunity1'),
3    new Opportunity(Name='Opportunity2', Probability=95)
4};
5
6// Strip fields that are not creatable
7SObjectAccessDecision decision = Security.stripInaccessible(
8    AccessType.CREATABLE,
9    opportunities);
10
11// Print stripped records
12for (SObject strippedOpportunity : decision.getRecords()) {
13    System.debug(strippedOpportunity);
14}
15
16// Print modified indexes
17System.debug(decision.getModifiedIndexes());
18
19// Print removed fields
20System.debug(decision.getRemovedFields());
21
22//Lines from output log
23//|DEBUG|Opportunity:{Name=Opportunity1}
24//|DEBUG|Opportunity:{Name=Opportunity2}
25//|DEBUG|{1}
26//|DEBUG|{Opportunity={Probability}}

stripInaccessible(accessCheckType, sourceRecords)

Creates a list of sObjects from the source records, which are stripped of fields that fail the field-level security checks for the current user.

Signature

public static System.SObjectAccessDecision stripInaccessible(System.AccessType accessCheckType, List<SObject> sourceRecords)

Parameters

accessCheckType
Type: System.AccessType
Uses values from the AccessType enum. This parameter determines the type of field-level access check to be performed. To check the current user's field-level access, use the Schema.DescribeFieldResult methods —isCreatable(), isAccessible(), or isUpdatable().
sourceRecords
Type: List<SObject>
A list of sObjects to be checked for fields that aren’t accessible in the context of the current user’s operation.

Return Value

Type: System.SObjectAccessDecision

Example

In this example, the user doesn’t have permission to read the ActualCost field of a Campaign.

1List<Campaign> campaigns = new List<Campaign>{
2    new Campaign(Name='Campaign1', BudgetedCost=1000, ActualCost=2000),
3    new Campaign(Name='Campaign2', BudgetedCost=4000, ActualCost=1500)
4};
5insert campaigns;
6        
7// Strip fields that are not readable
8SObjectAccessDecision decision = Security.stripInaccessible(
9    AccessType.READABLE,
10    [SELECT Name, BudgetedCost, ActualCost from Campaign]);
11        
12// Print stripped records
13for (SObject strippedCampaign : decision.getRecords()) {
14    System.debug(strippedCampaign); // Does not display ActualCost
15}
16
17// Print modified indexes
18System.debug(decision.getModifiedIndexes());
19
20// Print removed fields
21System.debug(decision.getRemovedFields());
22
23//Lines from output log
24//|DEBUG|Campaign:{Name=Campaign1, BudgetedCost=1000, Id=701xx00000011nhAAA}
25//|DEBUG|Campaign:{Name=Campaign2, BudgetedCost=4000, Id=701xx00000011niAAA}
26//|DEBUG|{0, 1}
27//|DEBUG|{Campaign={ActualCost}}