Security of a VF Page
Hi All,
When we write a VF page and click on security, we see that some objects and fields have permissions.

Do we still need to check FLS conditions like isCreateable and isUpdateable in the Apex class? I need to eliminate these errors in the Checkmarx report. I have written them but I have no idea how to test the code by logging in as different users.
Thanks,
Anuj
Apex generally runs in system context; that is, the current user's permissions, field-level security, and sharing rules aren’t taken into account during code execution. The only exceptions to this rule are Apex code that is executed with the executeAnonymous call and Chatter in Apex. executeAnonymous always executes using the full permissions of the current user. For more information on executeAnonymous, see Anonymous Blocks.
Although Apex doesn't enforce object-level and field-level permissions by default, you can enforce these permissions in your code by explicitly calling the sObject describe result methods (of Schema.DescribeSObjectResult) and the field describe result methods (of Schema.DescribeFieldResult) that check the current user's access permission levels. In this way, you can verify if the current user has the necessary permissions, and only if he or she has sufficient permissions, you can then perform a specific DML operation or a query.
I would suggest you refer to the links below for more information on this.
https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_classes_perms_enforcing.htm
https://salesforce.stackexchange.com/questions/37282/difference-between-iscreateable-and-isupdatable-for-describefieldresult
Please mark it as solved if my reply was helpful. It will make it available for others as the proper solution.
Best Regards
Sandhya
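The describe-based checks described in the reply above, together with a unit test that exercises them under a different user via System.runAs, as an added example that is not part of the original thread. The class names, the field list and the 'Read Only' profile name are assumptions; substitute a profile in your org that lacks create access on Contact.

```apex
// Added example: ContactFlsService / ContactFlsServiceTest are hypothetical names.
// Each top-level class lives in its own file in a real org.
public with sharing class ContactFlsService {
    public class FlsException extends Exception {}

    // Inserts a Contact only if the running user may create the object
    // and every field this method populates.
    public static Id createContact(String lastName, String email) {
        Schema.DescribeSObjectResult obj = Schema.sObjectType.Contact;
        if (!obj.isCreateable()) {
            throw new FlsException('No create access on Contact');
        }
        Map<String, Schema.SObjectField> fields = obj.fields.getMap();
        for (String fieldName : new List<String>{ 'LastName', 'Email' }) {
            if (!fields.get(fieldName).getDescribe().isCreateable()) {
                throw new FlsException('No create access on Contact.' + fieldName);
            }
        }
        Contact c = new Contact(LastName = lastName, Email = email);
        insert c;
        return c.Id;
    }
}

@isTest
private class ContactFlsServiceTest {
    // In-memory user for System.runAs. The profile name passed in is an
    // assumption and must exist in the org.
    static User userWithProfile(String profileName) {
        Profile p = [SELECT Id FROM Profile WHERE Name = :profileName LIMIT 1];
        String uname = 'fls' + Crypto.getRandomInteger() + '@example.com';
        return new User(Alias = 'flstest', LastName = 'FlsTest', Email = uname,
            UserName = uname, ProfileId = p.Id, EmailEncodingKey = 'UTF-8',
            LanguageLocaleKey = 'en_US', LocaleSidKey = 'en_US',
            TimeZoneSidKey = 'America/Los_Angeles');
    }

    @isTest
    static void userWithoutCreateAccessIsBlocked() {
        System.runAs(userWithProfile('Read Only')) {
            try {
                ContactFlsService.createContact('Doe', 'doe@example.com');
                System.assert(false, 'Expected FlsException');
            } catch (ContactFlsService.FlsException e) {
                System.assert(e.getMessage().startsWith('No create access'));
            }
        }
    }
}
```

System.runAs does not make the insert itself fail for a restricted user, because DML still runs in system context; the test passes only because the describe checks run before the DML.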
My question was: do we still have to insert the FLS conditions in code in spite of giving the Apex class permissions at profile level?
Thanks,
Anuj