Security Class
Namespace
Usage
In the context of the current user’s create, read, update, or upsert access permission, use the Security class methods to:
- Strip fields that aren’t visible from query and subquery results
- Remove inaccessible fields before a DML operation without causing an exception
- Sanitize SObjects that have been deserialized from an untrusted source
Security Methods
The following are methods for Security.
stripInaccessible(accessCheckType, sourceRecords, enforceRootObjectCRUD)
Signature
public static System.SObjectAccessDecision stripInaccessible(System.AccessType accessCheckType, List<SObject> sourceRecords, Boolean enforceRootObjectCRUD)
Parameters
- accessCheckType
- Type: System.AccessType
- Uses values from the AccessType enum. This parameter determines the type of field-level access check to be performed. To check the current user's field-level access, use the Schema.DescribeFieldResult methods: isCreatable(), isAccessible(), or isUpdatable().
- sourceRecords
- Type: List<SObject>
- A list of sObjects to be checked for fields that aren’t accessible in the context of the current user’s operation.
- enforceRootObjectCRUD
- Type: Boolean
- Indicates whether an object-level access check is performed. If this parameter is set to true and the access check fails, the method throws an exception. The default value of this optional parameter is true.
Return Value
Example
In this example, the user doesn’t have permission to create the Probability field of an Opportunity.
List<Opportunity> opportunities = new List<Opportunity>{
    new Opportunity(Name='Opportunity1'),
    new Opportunity(Name='Opportunity2', Probability=95)
};

// Strip fields that are not creatable
SObjectAccessDecision decision = Security.stripInaccessible(
    AccessType.CREATABLE,
    opportunities);

// Print stripped records
for (SObject strippedOpportunity : decision.getRecords()) {
    System.debug(strippedOpportunity);
}

// Print modified indexes
System.debug(decision.getModifiedIndexes());

// Print removed fields
System.debug(decision.getRemovedFields());

// Lines from output log
//|DEBUG|Opportunity:{Name=Opportunity1}
//|DEBUG|Opportunity:{Name=Opportunity2}
//|DEBUG|{1}
//|DEBUG|{Opportunity={Probability}}

stripInaccessible(accessCheckType, sourceRecords)
Signature
public static System.SObjectAccessDecision stripInaccessible(System.AccessType accessCheckType, List<SObject> sourceRecords)
Parameters
- accessCheckType
- Type: System.AccessType
- Uses values from the AccessType enum. This parameter determines the type of field-level access check to be performed. To check the current user's field-level access, use the Schema.DescribeFieldResult methods: isCreatable(), isAccessible(), or isUpdatable().
- sourceRecords
- Type: List<SObject>
- A list of sObjects to be checked for fields that aren’t accessible in the context of the current user’s operation.
Return Value
Example
In this example, the user doesn’t have permission to read the ActualCost field of a Campaign.
List<Campaign> campaigns = new List<Campaign>{
    new Campaign(Name='Campaign1', BudgetedCost=1000, ActualCost=2000),
    new Campaign(Name='Campaign2', BudgetedCost=4000, ActualCost=1500)
};
insert campaigns;

// Strip fields that are not readable
SObjectAccessDecision decision = Security.stripInaccessible(
    AccessType.READABLE,
    [SELECT Name, BudgetedCost, ActualCost FROM Campaign]);

// Print stripped records
for (SObject strippedCampaign : decision.getRecords()) {
    System.debug(strippedCampaign); // Does not display ActualCost
}

// Print modified indexes
System.debug(decision.getModifiedIndexes());

// Print removed fields
System.debug(decision.getRemovedFields());

// Lines from output log
//|DEBUG|Campaign:{Name=Campaign1, BudgetedCost=1000, Id=701xx00000011nhAAA}
//|DEBUG|Campaign:{Name=Campaign2, BudgetedCost=4000, Id=701xx00000011niAAA}
//|DEBUG|{0, 1}
//|DEBUG|{Campaign={ActualCost}}

stripInaccessible(accessCheckType, sourceRecords, enforceRootObjectCRUD, permissionSetId) (Developer Preview)
Signature
This feature is available in scratch orgs where the ApexUserModeWithPermset feature is enabled. If the feature isn’t enabled, Apex code with this feature can be compiled but not executed.
public static System.SObjectAccessDecision stripInaccessible(System.AccessType accessCheckType, List<SObject> sourceRecords, Boolean enforceRootObjectCRUD, Id permissionSetId)
Parameters
- accessCheckType
- Type: System.AccessType
- Uses values from the AccessType enum. This parameter determines the type of field-level access check to be performed. To check the current user's field-level access, use the Schema.DescribeFieldResult methods: isCreatable(), isAccessible(), or isUpdatable().
- sourceRecords
- Type: List<SObject>
- A list of sObjects to be checked for fields that aren’t accessible in the context of the current user’s operation.
- enforceRootObjectCRUD
- Type: Boolean
- Indicates whether an object-level access check is performed. If this parameter is set to true and the access check fails, the method throws an exception. The default value of this optional parameter is true.
- permissionSetId
- Type: Id
- Permissions in the specified permission set are enforced in addition to the running user’s permissions.
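The third use listed under Usage, sanitizing sObjects deserialized from an untrusted source, combined with the three-argument overload's enforceRootObjectCRUD check, as an added example that is not part of the Salesforce documentation. The class and method names (AccountImportService, applyUntrustedUpdate, demo) are hypothetical and the JSON in demo() is constructed sample input.

```apex
// Added example, not Salesforce's own code. AccountImportService,
// applyUntrustedUpdate and demo are hypothetical names.
public with sharing class AccountImportService {

    // jsonBody is caller-controlled: it may set fields the running user
    // has no permission to update.
    public static SObjectAccessDecision applyUntrustedUpdate(String jsonBody) {
        // deserializeStrict rejects attributes that are not fields of Account.
        List<Account> incoming =
            (List<Account>) JSON.deserializeStrict(jsonBody, List<Account>.class);

        SObjectAccessDecision decision;
        try {
            // Third argument true: also require object-level update access on Account.
            decision = Security.stripInaccessible(AccessType.UPDATABLE, incoming, true);
        } catch (System.NoAccessException e) {
            // Object-level check failed: write nothing and report the denial.
            System.debug(LoggingLevel.WARN, 'Account update denied: ' + e.getMessage());
            return null;
        }

        // Log which fields were dropped, and at which list positions, for audit.
        if (!decision.getModifiedIndexes().isEmpty()) {
            System.debug(LoggingLevel.WARN, 'Stripped ' + decision.getRemovedFields()
                + ' at indexes ' + decision.getModifiedIndexes());
        }

        // DML runs only on the sanitized copies, never on the incoming list.
        // The Id field is not stripped, so the update still targets the right rows.
        update decision.getRecords();
        return decision;
    }

    // Constructed sample input: one real record Id plus a field the user may lack.
    public static void demo() {
        Account a = new Account(Name = 'Constructed Sample');
        insert a;
        String body = '[{"Id":"' + a.Id + '","Name":"Renamed","AnnualRevenue":5000000}]';
        SObjectAccessDecision d = applyUntrustedUpdate(body);
        if (d != null) {
            // For a user without edit access to AnnualRevenue this prints
            // {Account={AnnualRevenue}}; otherwise an empty map.
            System.debug(d.getRemovedFields());
        }
    }
}
```

Passing the original incoming list to update instead of decision.getRecords() would bypass the check, since stripInaccessible returns sanitized copies and leaves its input unchanged.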