Salesforce Developer Security Fls

salesforce-developer-security

// Salesforce - Developer - Security - Field-Level Security (FLS):

Field-level security, or FLS for short, controls which fields are visible to a 
user on a given object.  There are 2 options for FLS, visible and read-only:

1. Visible = Read and write
2. Read-only = Read only

Visualforce runs in user context, but custom controllers run in system context. 
What is expected FLS behavior?

1. Apex Classes will not enforce FLS permissions.

   a. Any field can be queried
   b. Insert(), Update(), and Delete() methods can be applied to any writeable 
      field.

2. Visualforce will enforce FLS.

   a. A field will only be rendered if read is granted for that field.

3. Notable Exception – de-referenced fields do not have their FLS enforced.

   a. {!contactEmail} = no FLS enforced on email
   b. {!contact.Email} = FLS enforced on email

Enforcing FLS in Apex:

A user’s FLS can be manually verified and enforced in Apex code. This is 
important if you need to de-reference an sobject field.

1. Schema.sObjectType.<sObject>.fields.<field>

   a. isAccessible
   b. isUpdateable

public class MyController {
  public String getMyAccount {
    if (! Schema.sObjectType.Account.fields.Name.isAccessible()) {
    }
  }
}
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License