Apex Developer Guide

Apex Developer Guide
Release Notes
Getting Started with Apex
Writing Apex
Data Types and Variables
Control Flow Statements
Classes, Objects, and Interfaces
Working with Data in Apex
Working with sObjects
Data Manipulation Language
SOQL and SOSL Queries
SOQL For Loops
sObject Collections
Dynamic Apex
Apex Security and Sharing
Enforcing Sharing Rules
Enforcing Object and Field Permissions
Enforce User Mode for Database Operations
Enforce Security with the stripInaccessible Method
Filter SOQL Queries Using WITH SECURITY_ENFORCED
Class Security
Understanding Apex Managed Sharing
Security Tips for Apex and Visualforce Development
Cross Site Scripting (XSS)
Unescaped Output and Formulas in Visualforce Pages
Cross-Site Request Forgery (CSRF)
SOQL Injection
Data Access Control
Custom Settings
Running Apex
Debugging, Testing, and Deploying Apex
Apex Reference
Appendices
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Data Access Control

The Lightning Platform makes extensive use of data sharing rules. Each object has permissions and can have sharing settings that users can read, create, edit, and delete. These settings are enforced when using all standard controllers.

When using an Apex class, the built-in user permissions and field-level security restrictions aren’t respected during execution. The default behavior is that an Apex class can read and update all data. Because these rules aren’t enforced, developers who use Apex must avoid inadvertently exposing sensitive data that’s normally hidden behind user permissions, field-level security, or defaults. For example, consider this Apex pseudo-code.
1public class customController { 
2    public void read() { 
3        Contact contact = [SELECT id FROM Contact WHERE Name = :value]; 
4    } 
5}
In this case, all contact records are searched, even if the user currently logged in doesn’t have permission to view these records. The solution is to use the qualifying keywords with sharing when declaring the class:
1public with sharing class customController { 
2    . . . 
3}

The with sharing keyword directs the platform to use the security sharing permissions of the user currently logged in, rather than granting full access to all records.