
Relation between Custom Object Permissions and Author Apex Permission???



I have a profile which I have cloned from the System Admin profile.

Now for this profile I would like to have the "Author Apex" permission, so that the user can create Apex classes and triggers.


I also have one custom object. Now I don't want this object to be accessible for this profile.

So I removed all the permissions of this object. But as soon as I remove the permissions, the "Author Apex" checkbox gets unchecked. 


I am doing all these experiments in order to understand security features. Does anybody know why Salesforce behaves this way and the reason behind it?


Thanks in advance!!


If a user has Author Apex in your production org, they are effectively an Admin.  Apex code can run in System Mode, so it can see or do anything the Admin can see or do.  It is possible to *hide* a custom object from a user with Author Apex, but you cannot prevent them from reading it, writing to it, or deleting it through Apex.


In general, you should be careful about developing Apex/Visualforce in your production org.  It is recommended that you use a Sandbox org, or a free Developer Edition org for code development, and deploy the finished code to your production org.

You should be able to work around your problem by having your developer do all of their work in Sandbox or DE.  Once the code is ready for production, you can deploy the code yourself through the Force.com IDE (right click > Force.com > Deploy to Server).


I would also recommend that you take advantage of the Free security scanner ( http://security.force.com/sourcescanner ) before you deploy your Apex code.


Hope that helps!
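
Added example, not part of the original posts: a sketch of what "Apex can run in System Mode" means for the custom object in the question, next to the opt-in checks a reviewer should look for before code is deployed. `Confidential_Record__c`, the class name and the exception name are hypothetical, and the `WITH SECURITY_ENFORCED` clause assumes an org API version that supports it.

```apex
// Added example. Confidential_Record__c is a hypothetical custom object
// standing in for the object the profile has no permissions on.
public with sharing class ConfidentialRecordReader {

    // Hypothetical exception type used by the checked variants below.
    public class AccessDeniedException extends Exception {}

    // System mode: the query ignores the running user's object permissions.
    // "with sharing" only applies record-level sharing rules; it does not
    // enforce object (CRUD) or field-level permissions from the profile.
    public static List<Confidential_Record__c> readInSystemMode() {
        return [SELECT Id, Name FROM Confidential_Record__c LIMIT 50];
    }

    // Opt-in check 1: ask the describe result whether the running user's
    // profile and permission sets grant Read on the object, and stop if not.
    public static List<Confidential_Record__c> readWithDescribeCheck() {
        if (!Schema.sObjectType.Confidential_Record__c.isAccessible()) {
            throw new AccessDeniedException('No read access to Confidential_Record__c');
        }
        return [SELECT Id, Name FROM Confidential_Record__c LIMIT 50];
    }

    // Opt-in check 2: let the query enforce object and field permissions.
    // The platform throws System.QueryException when access is missing.
    public static List<Confidential_Record__c> readWithEnforcedQuery() {
        try {
            return [SELECT Id, Name
                    FROM Confidential_Record__c
                    WITH SECURITY_ENFORCED
                    LIMIT 50];
        } catch (System.QueryException e) {
            throw new AccessDeniedException('Blocked by object or field permissions: '
                + e.getMessage());
        }
    }
}
```

Both checks are written by whoever authors the class, so they protect the object only in code that has been reviewed to contain them; they do not restrict a user who holds Author Apex.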