Apex security refers to the process of applying security
settings and enforcing the sharing rules on running code. Apex classes
has security setting which can be controlled via two keywords.
Our Apex code should not expose the sensitive data to User which is hidden via security and sharing settings. Hence, Apex security and enforcing the sharing rule is most important.
Let's take an example that our User has access to 5 records, but total number of records are 10. So when the Apex class will be declared with "With Sharing" Keyword, it will return only 5 records on which the user has access to.
Example:
First, make sure that you have created at least 10 records in Customer object with 'Name' of 5 records as 'ABC Customer' and rest 5 records as 'XYZ Customer'. Then create a sharing rule which would share the 'ABC Customer' with all Users. Also, make sure that you have set the OWD of Customer object as Private.
Paste the below code to Anonymous block in Developer Console.
Setting Apex class security from the class list page:
Step 1. From Setup, click Develop -> Apex Classes.
Step 2. Next to the name of the class that you want to restrict, click Security.
Step 3. Select the profiles that you want to enable from the
Available Profiles list and click Add, or select the profiles that you
want to disable from the Enabled Profiles list and click remove.
Step 4. Click Save.
Setting Apex class security from Class Detail Page:
Step 1. From Setup, click on Develop -> Apex Classes.
Step 2. Click the name of the class that you want to restrict. We have clicked on CustomerOperationClass.
Step 3. Click on Security.
Step 4. Select the profiles that you want to enable from the
Available Profiles list and click Add, or select the profiles that you
want to disable from the Enabled Profiles list and click on Remove.
Step 5. Click on Save.
Setting Apex Security from Permission Set:
Step 1. From Setup, click Manage Users -> Permission Sets.
Step 2. Select a permission set.
Step 3. Click on Apex Class Access.
Step 4. Click on Edit.
Step 5. Select the Apex classes that you want to enable from
the Available Apex Classes list and click Add, or select the Apex
classes that you want to disable from the Enabled Apex Classes list and
click remove.
Step 6. Click Save button.
Data Security and Sharing Rules
Apex generally runs in system context; that is, the current user's permissions. Field-level security, and sharing rules aren't taken into account during code execution. Only the anonymous block code executes with the User permission who is executing the code.Our Apex code should not expose the sensitive data to User which is hidden via security and sharing settings. Hence, Apex security and enforcing the sharing rule is most important.
With Sharing Keyword
If you use this keyword, then the Apex code will enforce the Sharing settings of current user to Apex code. This does not enforce the Profile permission, only the data level sharing settings.Let's take an example that our User has access to 5 records, but total number of records are 10. So when the Apex class will be declared with "With Sharing" Keyword, it will return only 5 records on which the user has access to.
Example:
First, make sure that you have created at least 10 records in Customer object with 'Name' of 5 records as 'ABC Customer' and rest 5 records as 'XYZ Customer'. Then create a sharing rule which would share the 'ABC Customer' with all Users. Also, make sure that you have set the OWD of Customer object as Private.
Paste the below code to Anonymous block in Developer Console.
//Class With Sharing public with sharing class MyClassWithSharing { //Query To fetch 10 records List<apex_customer__c> CustomerList = [SELECT id, Name FROM APEX_Customer__c LIMIT 10]; public Integer executeQuery () { System.debug('List will have only 5 records and the actual records are '+CustomerList.size()+' as user has access to'+CustomerList); Integer ListSize = CustomerList.size(); return ListSize; } } //Save the above class and then execute as below //Execute class using the object of class MyClassWithSharing obj = new MyClassWithSharing(); Integer ListSize = obj.executeQuery();
Without Sharing Keyword
As the name suggests, class declared with this keyword executes in System mode, i.e. irrespective of User's access to the record, query will fetch all the records.//Class Without Sharing public without sharing class MyClassWithoutSharing { List<apex_customer__c> CustomerList = [SELECT id, Name FROM APEX_Customer__c LIMIT 10];//Query To fetch 10 records, this will return all the records public Integer executeQuery () { System.debug('List will have only 5 records and the actula records are '+CustomerList.size()+' as user has access to'+CustomerList); Integer ListSize = CustomerList.size(); return ListSize; } } //Output will be 10 records.
Setting Security for Apex Class
You could enable or disable an Apex class for particular profile. Below are the steps for the same. You can determine which profile should have access to which class.Setting Apex class security from the class list page:
Step 1. From Setup, click Develop -> Apex Classes.
Step 2. Next to the name of the class that you want to restrict, click Security.
Step 3. Select the profiles that you want to enable from the
Available Profiles list and click Add, or select the profiles that you
want to disable from the Enabled Profiles list and click remove.
Step 4. Click Save.
Setting Apex class security from Class Detail Page:
Step 1. From Setup, click on Develop -> Apex Classes.
Step 2. Click the name of the class that you want to restrict. We have clicked on CustomerOperationClass.
Step 3. Click on Security.
Step 4. Select the profiles that you want to enable from the
Available Profiles list and click Add, or select the profiles that you
want to disable from the Enabled Profiles list and click on Remove.
Step 5. Click on Save.
Setting Apex Security from Permission Set:
Step 1. From Setup, click Manage Users -> Permission Sets.
Step 2. Select a permission set.
Step 3. Click on Apex Class Access.
Step 4. Click on Edit.
Step 5. Select the Apex classes that you want to enable from
the Available Apex Classes list and click Add, or select the Apex
classes that you want to disable from the Enabled Apex Classes list and
click remove.
Step 6. Click Save button.
No comments:
Post a Comment