First-Generation Managed Packaging Developer Guide

First-Generation Managed Packages
Why Switch to Second-Generation Managed Packaging?
Move to 2GP: Migrate Your Managed Packages with Ease
Register a Namespace for a First-Generation Managed Package
Create a First-Generation Managed Package Using a UI
Create a First-Generation Managed Package using Salesforce DX
Components Available in First-Generation Managed Packages
Behavior of Specific Metadata in First-Generation Managed Packages
Get Access to Agentforce in Your 1GP Packaging Org
Components Automatically Added to First-Generation Managed Packages
Protected Components in Managed Packages
Set Up a Platform Cache Partition with Provider Free Capacity
Package Dependencies in First-Generation Managed Packages
Metadata Access in Apex Code
Permission Sets and Profile Settings in Packages
Permission Set Groups
Custom Profile Settings
Protecting Your Intellectual Property
Call Salesforce URLs Within a Package
Develop App Documentation
API and Dynamic Apex Access in Packages
Manage API and Dynamic Apex Access in Packages
Configure Default Package Versions for API Calls
About the Partner WSDL
Generate an Enterprise WSDL with Managed Packages
Work with Services Outside of Salesforce
Connected Apps
Package and Test Your First-Generation Managed Package
Update Your First-Generation Managed Package
Publish Upgrades to First-Generation Managed Packages
Manage Licenses for Managed Packages
Manage Features in First-Generation Managed Packages
AppExchange App Analytics for First-Generation Managed Packages
Developing and Distributing Unmanaged Packages
PDF

API and Dynamic Apex Access in Packages

Apex Package components have access via dynamic Apex and the API to standard and custom objects in the organization where they’re installed.

API Access is a package setting that controls the dynamic Apex and API access that package components have to standard and custom objects. The setting displays for both the developer and installer on the package detail page. With this setting:

  • The developer of an AppExchange package can restrict API access for a package before uploading it to AppExchange. After it’s restricted, the package components receive Apex and API sessions that are restricted to the custom objects in the package. The developer can also enable access to specific standard objects, and any custom objects in other packages that this package depends on.
  • The installer of a package can accept or reject package access privileges when installing the package to their organization.
  • After installation, an administrator can change Apex and API access for a package at any time. The installer can also enable access on additional objects such as custom objects created in the installer's organization or objects installed by unrelated packages.

There are two possible options for the API Access setting:

  • The default Unrestricted, which gives the package components the same API access to standard objects as the user who is logged in when the component sends a request to the API. Apex runs in system mode. Unrestricted access gives Apex read access to all standard and custom objects.
  • Restricted, which allows the administrator to select which standard objects the components in the package can access. Further, the components in restricted packages can only access custom objects in the current package if the user has the object permissions that provide access to them.

Considerations for API and Dynamic Apex Access in Packages

By default, dynamic Apex can only access the components with which the code is packaged. To provide access to standard objects not included in the package, the developer must set the API Access.

  1. From Setup, enter Packages in the Quick Find box, then select Packages.
  2. Select the package that contains a dynamic Apex that needs access to standard objects in the installing organization.
  3. In the Package Detail related list, click Enable Restrictions or Restricted, whichever is available.
  4. Set the access level (Read, Create, Edit, Delete) for the standard objects that the dynamic Apex can access.
  5. Click Save.

Choosing Restricted for the API Access setting in a package affects the following:

  • API access in a package overrides the following user permissions:
    • Author Apex
    • Customize Application
    • Edit HTML Templates
    • Edit Read Only Fields
    • Manage Billing
    • Manage Call Centers
    • Manage Categories
    • Manage Custom Report Types
    • Manage Dashboards
    • Manage Letterheads
    • Manage Package Licenses
    • Manage Public Documents
    • Manage Public List Views
    • Manage Public Reports
    • Manage Public Templates
    • Manage Users
    • Transfer Record
    • Use Team Reassignment Wizards
    • View Setup and Configuration
    • Weekly Export Data
  • If Read, Create, Edit, and Delete access aren’t selected in the API access setting for objects, users don’t have access to those objects from the package components, even if the user has the Modify All Data and View All Data permissions.
  • A package with Restricted API access can’t create users.
  • Salesforce denies access to Web service and executeanonymous requests from an AppExchange package that has Restricted access.

The following considerations also apply to API access in packages:

  • Workflow rules and Apex triggers fire regardless of API access in a package.
  • If a component is in more than one package in an organization, API access is unrestricted for that component in all packages in the organization regardless of the access setting.
  • If Salesforce introduces a new standard object after you select restricted access for a package, access to the new standard object isn’t granted by default. You must modify the restricted access setting to include the new standard object.
  • When you upgrade a package, changes to the API access are ignored even if the developer specified them, which ensures that the administrator installing the upgrade has full control. Installers must carefully examine the changes in package access in each upgrade during installation and note all acceptable changes. Then, because those changes are ignored, the administrator must manually apply any acceptable changes after installing an upgrade.
  • S-controls are served by Salesforce and rendered inline in Salesforce. Because of this tight integration, there are several means by which an s-control in an installed package could escalate its privileges to the user’s full privileges. In order to protect the security of organizations that install packages, s-controls have the following limitations:
    • For packages you’re developing (that is, not installed from AppExchange), you can only add s-controls to packages with the default Unrestricted API access. After a package has an s-control, you can’t enable Restricted API access.
    • For packages you’ve installed, you can enable access restrictions even if the package contains s-controls. However, access restrictions provide only limited protection for s-controls. Salesforce recommends that you understand the JavaScript in an s-control before relying on access restriction for s-control security.
    • If an installed package has Restricted API access, upgrades are successful only if the upgraded version doesn’t contain any s-controls. If s-controls are present in the upgraded version, you must change the currently installed package to Unrestricted API access.