Visualforce Developer Guide

Introducing Visualforce
Tools for Visualforce Development
Getting a Quick Start with Visualforce
Customizing the Appearance and Output of Visualforce Pages
Standard Controllers
Standard List Controllers
Custom Controllers and Controller Extensions
What are Custom Controllers and Controller Extensions?
Building a Custom Controller
Building a Controller Extension
Building a Custom List Controller
Controller Methods
Controller Class Security
Working with Large Sets of Data
Considerations for Creating Custom Controllers and Controller Extensions
Order of Execution in a Visualforce Page
Testing Custom Controllers and Controller Extensions
Validation Rules and Custom Controllers
Using the transient Keyword
Advanced Examples
Overriding Buttons, Links, and Tabs with Visualforce
Using Static Resources
Creating and Using Custom Components
Dynamic Visualforce Bindings
Dynamic Visualforce Components
Integrating Email with Visualforce
Visualforce Charting
Creating Maps with Visualforce
Render Flows with Visualforce
Templating with Visualforce
Developing for Mobile Devices
Adding Visualforce to a Force.com AppExchange App
Using JavaScript in Visualforce Pages
Best Practices
Standard Component Reference
Appendices
Glossary
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Controller Class Security

Like other Apex classes, you can specify whether a user can execute methods in a custom controller or controller extension class based on the user's profile.

If you’ve installed a managed package in your org, you can set security only for the Apex classes in the package that are declared as global or for classes that contain methods declared as webService.

If users have the “Author Apex” permission, they can access all Apex classes in the associated organization, regardless of the security settings for individual classes.

Note

Permission for an Apex class is checked only at the top level. For example, if class A calls class B, and a user profile has access only to class A but not class B, the user can still execute the code in class A. Likewise, if a Visualforce page uses a custom component with an associated controller, security is only checked for the controller associated with the page. The controller associated with the custom component executes regardless of permissions.

To set Apex class security from the class list page:

  1. From Setup, enter Apex Classes in the Quick Find box, then select Apex Classes.
  2. Next to the name of the class that you want to restrict, click Security.
  3. Select the profiles that you want to enable from the Available Profiles list and click Add, or select the profiles that you want to disable from the Enabled Profiles list and click Remove.
  4. Click Save.

To set Apex class security from the class detail page:

  1. From Setup, enter Apex Classes in the Quick Find box, then select Apex Classes.
  2. Click the name of the class that you want to restrict.
  3. Click Security.
  4. Select the profiles that you want to enable from the Available Profiles list and click Add, or select the profiles that you want to disable from the Enabled Profiles list and click Remove.
  5. Click Save.