Security Class (Beta)

Contains methods to securely implement Apex applications.

Note

As a beta feature, stripInaccessible method is a preview and isn’t part of the “Services” under your master subscription agreement with Salesforce. Use this feature at your sole discretion, and make your purchase decisions only on the basis of generally available products and features. Salesforce doesn’t guarantee general availability of this feature within any particular time frame or at all, and we can discontinue it at any time. This feature is for evaluation purposes only, not for production use. It’s offered as is and isn’t supported, and Salesforce has no liability for any harm or damage arising out of or in connection with it. All restrictions, Salesforce reservation of rights, obligations concerning the Services, and terms for related Non-Salesforce Applications and Content apply equally to your use of this feature. You can provide feedback and suggestions for this feature in the Security.stripInaccessible group in the IdeaExchange.

Namespace

System

Usage

In the context of the current user’s create, read, update, or upsert access permission, use the Security class methods to:
  • Strip fields that aren’t visible from query and subquery results
  • Remove inaccessible fields before a DML operation without causing an exception
  • Sanitize SObjects that have been deserialized from an untrusted source

Security Methods

The following are methods for Security.

stripInaccessible(accessCheckType, sourceRecords, enforceRootObjectCRUD)

Creates a list of sObjects from the source records, which are stripped of fields that fail the field-level security checks for the current user. The method also provides an option to enforce an object-level access check.

Signature

public static System.SObjectAccessDecision stripInaccessible(System.AccessType accessCheckType, List<SObject> sourceRecords, Boolean enforceRootObjectCRUD)

Parameters

accessCheckType
Type: System.AccessType
Uses values from the AccessType enum. This parameter determines the type of field-level access check to be performed. To check the current user's field-level access, use the Schema.DescribeFieldResult methods: isCreatable(), isAccessible(), or isUpdatable().
sourceRecords
Type: List<SObject>
A list of sObjects to be checked for fields that aren’t accessible in the context of the current user’s operation.
enforceRootObjectCRUD
Type: Boolean
Indicates whether an object-level access check is performed. If this parameter is set to true and the access check fails, the method throws an exception. The default value of this optional parameter is true.

Return Value

Type: System.SObjectAccessDecision

Example

In this example, the user doesn’t have permission to create the Probability field of an Opportunity.

List<Opportunity> opportunities = new List<Opportunity>{
    new Opportunity(Name='Opportunity1'),
    new Opportunity(Name='Opportunity2', Probability=95)
};

// Strip fields that are not creatable
SObjectAccessDecision decision = Security.stripInaccessible(
    AccessType.CREATABLE,
    opportunities);

// Print stripped records
for (SObject strippedOpportunity : decision.getRecords()) {
    System.debug(strippedOpportunity);
}

// Print modified indexes
System.debug(decision.getModifiedIndexes());

// Print removed fields
System.debug(decision.getRemovedFields());

// Lines from output log
//|DEBUG|Opportunity:{Name=Opportunity1}
//|DEBUG|Opportunity:{Name=Opportunity2}
//|DEBUG|{1}
//|DEBUG|{Opportunity={Probability}}
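
The Usage list mentions sanitizing sObjects deserialized from an untrusted source and removing inaccessible fields before DML. The following added example (not from the Salesforce documentation) combines both with the three-argument overload. The names AccountPatchService, PatchResult and applyPatch and the JSON payload shape are hypothetical, and catching NoAccessException assumes that is the exception type raised when the object-level check fails.

```apex
// Added example, not from the Salesforce documentation.
// AccountPatchService, PatchResult and applyPatch are hypothetical names.
public with sharing class AccountPatchService {

    public class PatchResult {
        public List<SObject> saved;                     // sanitized records that were updated
        public Set<Integer> modifiedIndexes;            // payload positions that lost fields
        public Map<String, Set<String>> removedFields;  // object name -> stripped field names
    }

    // untrustedJson: JSON array of Account records from an external caller.
    // Constructed sample shape: [{"Id":"<Account Id>","Name":"Acme","AnnualRevenue":5000000}]
    public static PatchResult applyPatch(String untrustedJson) {
        List<Account> incoming =
            (List<Account>) JSON.deserialize(untrustedJson, List<Account>.class);

        SObjectAccessDecision decision;
        try {
            // enforceRootObjectCRUD = true: also require object-level update access.
            decision = Security.stripInaccessible(AccessType.UPDATABLE, incoming, true);
        } catch (NoAccessException e) {
            // Assumption: a failed object-level check surfaces as NoAccessException.
            // Fail closed: never fall back to updating the raw deserialized records.
            System.debug(LoggingLevel.WARN, 'Account update denied: ' + e.getMessage());
            throw e;
        }

        // Log which payload entries carried fields the user may not update.
        for (Integer i : decision.getModifiedIndexes()) {
            System.debug(LoggingLevel.WARN, 'Payload index ' + i + ' had fields stripped');
        }
        System.debug(LoggingLevel.WARN, 'Removed fields: ' + decision.getRemovedFields());

        // DML uses the sanitized copies, not the original 'incoming' list.
        List<SObject> clean = decision.getRecords();
        update clean;

        PatchResult result = new PatchResult();
        result.saved = clean;
        result.modifiedIndexes = decision.getModifiedIndexes();
        result.removedFields = decision.getRemovedFields();
        return result;
    }
}
```

Returning the modified indexes and removed fields lets the caller report or audit payloads that tried to set fields outside the user's field-level security.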

stripInaccessible(accessCheckType, sourceRecords)

Creates a list of sObjects from the source records, which are stripped of fields that fail the field-level security checks for the current user.

Signature

public static System.SObjectAccessDecision stripInaccessible(System.AccessType accessCheckType, List<SObject> sourceRecords)

Parameters

accessCheckType
Type: System.AccessType
Uses values from the AccessType enum. This parameter determines the type of field-level access check to be performed. To check the current user's field-level access, use the Schema.DescribeFieldResult methods: isCreatable(), isAccessible(), or isUpdatable().
sourceRecords
Type: List<SObject>
A list of sObjects to be checked for fields that aren’t accessible in the context of the current user’s operation.

Return Value

Type: System.SObjectAccessDecision

Example

In this example, the user doesn’t have permission to read the ActualCost field of a Campaign.

List<Campaign> campaigns = new List<Campaign>{
    new Campaign(Name='Campaign1', BudgetedCost=1000, ActualCost=2000),
    new Campaign(Name='Campaign2', BudgetedCost=4000, ActualCost=1500)
};
insert campaigns;

// Strip fields that are not readable
SObjectAccessDecision decision = Security.stripInaccessible(
    AccessType.READABLE,
    [SELECT Name, BudgetedCost, ActualCost FROM Campaign]);

// Print stripped records
for (SObject strippedCampaign : decision.getRecords()) {
    System.debug(strippedCampaign); // Does not display ActualCost
}

// Print modified indexes
System.debug(decision.getModifiedIndexes());

// Print removed fields
System.debug(decision.getRemovedFields());

// Lines from output log
//|DEBUG|Campaign:{Name=Campaign1, BudgetedCost=1000, Id=701xx00000011nhAAA}
//|DEBUG|Campaign:{Name=Campaign2, BudgetedCost=4000, Id=701xx00000011niAAA}
//|DEBUG|{0, 1}
//|DEBUG|{Campaign={ActualCost}}