+ Start a Discussion
vandana rajuvandana raju 

User Mode and system Mode

Hello
I have some difficulty in understanding the following

a) Normally apex code & trigger run in system.context
   But How to make the apex code execute in USER Mode?
   if the apex code executing in USER Mode  is called by a trigger, will the trigger also execute in USER Mode?

b) Can a visual force page run in USER Mode instead of system.context , again what changes need to be done and why?

c) By default webservice classes written in apex , rest api execute in what Mode?

d) what is the use of system.RunAs with respect to the above.

I hope I am clear

Thanks
Vandana R
Best Answer chosen by vandana raju
Navin SoniNavin Soni
Hi Vandana,

System mode -
  • System mode is nothing but running apex code by ignoring user's permissions. For example, logged in user does not have create permission but he/she is able to create a record.
  • In system mode, Apex code has access to all objects and fields— object permissions, field-level security, sharing rules aren't applied for the current user. This is to ensure that code won’t fail to run because of hidden fields or objects for a user.
  • In Salesforce, all apex code run in system mode. It ignores user's permissions. Only exception is anonymous blocks like developer console and standard controllers. Even runAs() method doesn't enforce user permissions or field-level permissions, it only enforces record sharing.
User mode - 
  • User mode is nothing but running apex code by respecting user's permissions and sharing of records. For example, logged in user does not have create permission and so he/she is not able to create a record.
  • In Salesforce, only standard controllers and anonymous blocks like developer console run in user mode.
Thank You,
Navin Soni
 

All Answers

learn_cloudsflearn_cloudsf
Hi Vandana

a) : Apex generally runs in system context; that is, the current user's permissions, field-level security, and sharing rules aren’t taken into account during code execution.​ The only exceptions to this rule are Apex code that is executed with the executeAnonymous call and Chatter in Apex. executeAnonymous always executes using the full permissions of the current user. 

To run the trigger in user mode , Create Apex class with 'WithSharing' enforced and invoke the class from trigger. This will enforce Shariing settings based on user.

b) Because standard controllers execute in user mode, in which the permissions, field-level security, and sharing rules of the
current user are enforced, extending a standard controller allows you to build a Visualforce page that respects user permissions.

c) run in user mode.

d)system.run.As  enables you to write test methods that change the user context to an existing user or a new user so that the user’s record sharing is enforced.( only record sharing ) ( only for test class)

 
vandana rajuvandana raju
Hi learn_cloudsf
I have a doubt regarding point a.
User_A has CRUD permission on Case & Read only permission on a Custom Object say employee.
When Case record is created ,in Apex class invoked through trigger user_A is able  to create record for custom object on which user does not have create permission. The Apex class is written using Sharing keyword.

The code in Apex class seems to run in system mode even using after sharing keyword.
Can u pls explain why is this happening?

Thanks
Vandana R
Navin SoniNavin Soni
Hi Vandana,

System mode -
  • System mode is nothing but running apex code by ignoring user's permissions. For example, logged in user does not have create permission but he/she is able to create a record.
  • In system mode, Apex code has access to all objects and fields— object permissions, field-level security, sharing rules aren't applied for the current user. This is to ensure that code won’t fail to run because of hidden fields or objects for a user.
  • In Salesforce, all apex code run in system mode. It ignores user's permissions. Only exception is anonymous blocks like developer console and standard controllers. Even runAs() method doesn't enforce user permissions or field-level permissions, it only enforces record sharing.
User mode - 
  • User mode is nothing but running apex code by respecting user's permissions and sharing of records. For example, logged in user does not have create permission and so he/she is not able to create a record.
  • In Salesforce, only standard controllers and anonymous blocks like developer console run in user mode.
Thank You,
Navin Soni
 
This was selected as the best answer
phanip adminphanip admin
User Mode : As per this Salesforce post, all Profile level permissions, sharing rules and Field level security are enforced in Apex if it runs in User mode. Standard Controller and Anonymous Apex runs in User mode.

System Mode : Same post conforms that custom controller, trigger, Apex class, controller extension works in System mode. Means eventhough user does not have necessary profile level permission, record level permission or field level permission, but still they can perform any operation on it.

Better check this link : 
http://www.jitendrazaa.com/blog/salesforce/system-mode-or-god-mode-in-apex-gotchas/
devang shah 47devang shah 47
Download Strange VPN Apk (https://apknerd.com/strange-vpn-apk/) - Anti banned and ipv6 support