PawanKumar

How to run trigger in user context to pass App Exchange security review?

Hi All,
Recently, we have been asked to make a trigger run in user context. Please help me if anybody has gone through this kind of security check for triggers. Thanks in advance.

Regards,
Pawan Kumar
Sandhya (Salesforce Developers)
Hi,

All triggers run as System by default. This means that triggers may have access to objects and fields that the current user does not. You can override this using the "with sharing" keywords.


Please refer to the links below, which have similar discussions, for more information.

https://developer.salesforce.com/forums/?id=906F0000000Ag6wIAC
 
https://developer.salesforce.com/forums/?id=906F00000008xVzIAI

http://www.jitendrazaa.com/blog/salesforce/system-mode-or-god-mode-in-apex-gotchas/

http://www.tgerm.com/2011/03/trigger-insufficient-access-cross.html
 
Hope this helps you!

Please mark it as Best Answer if my reply was helpful. It will make it available to others as the proper solution.
 
Thanks and Regards
Sandhya



 
PawanKumar
Thanks, Sandhya.

Certainly, shared links are useful.

Concerns:
-----------------------
I have the trigger below and its corresponding trigger handler class. My question is: optyList (Trigger.New) will have all the records, which may not be accessible to the running user. How do I take such (inaccessible) records out of optyList? Please correct me if I am doing anything wrong or my understanding is wrong as far as passing Trigger.New as a parameter to the trigger handler class.

Trigger
----------------------
trigger updateOpportunityTrigger on Opportunity  (after insert) {
    SystemMode_Scenario.perform(Trigger.New);
    // In the above line, Trigger.New will not respect with sharing 
}

Trigger Handler
------------------------------
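public with sharing class SystemMode_Scenario {
    public static void perform(Opportunity[] optyList){
        // feedItemsList will contain some records
        // which will not be accessible to the running user; how to remove such records from optyList?

        // Trigger.new records are read-only in an after trigger, so build
        // separate copies keyed by Id and update them in one DML statement.
        List<Opportunity> toUpdate = new List<Opportunity>();
        for(Opportunity eachOpty : optyList){
            toUpdate.add(new Opportunity(Id = eachOpty.Id, SomeCustomField__c = 'Updated'));
        }
        update toUpdate;
    }
}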

Regards,
Pawan Kumar
Pratap Garani 9
Hey Pawan,
If you are using with sharing, the first thing which will be checked is object access, next the field access and then the sharing access. If a record is shared with you or you are the owner of it, then your code will update that record only.
Pankaj Singh 233
Hey Pratap, with sharing only checks user sharing rules, nothing else, as per the doc: https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_classes_keywords_sharing.htm
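
An added example, not part of any post in this thread: one way to drop the records the running user cannot edit before updating them, using describe calls for object and field permissions and `UserRecordAccess` for record-level access. It assumes the `SomeCustomField__c` field from the question; the class name `UserContextOpportunityHandler` is hypothetical.

```apex
// Added example. SomeCustomField__c comes from the question above;
// the class name is hypothetical.
public with sharing class UserContextOpportunityHandler {
    public static void perform(List<Opportunity> optyList) {
        // "with sharing" covers record sharing only. Object (CRUD) and
        // field (FLS) permissions have to be checked explicitly.
        if (!Schema.sObjectType.Opportunity.isUpdateable() ||
            !Schema.sObjectType.Opportunity.fields.SomeCustomField__c.isUpdateable()) {
            return; // running user may not update the object or the field
        }

        // Records have Ids here because the trigger runs after insert.
        Set<Id> ids = new Map<Id, Opportunity>(optyList).keySet();

        // Record-level access of the running user. UserRecordAccess accepts
        // at most 200 RecordIds per query, which matches the trigger chunk size.
        Set<Id> editable = new Set<Id>();
        for (UserRecordAccess ura : [
                SELECT RecordId, HasEditAccess
                FROM UserRecordAccess
                WHERE UserId = :UserInfo.getUserId()
                AND RecordId IN :ids]) {
            if (ura.HasEditAccess) {
                editable.add((Id) ura.RecordId);
            }
        }

        // Trigger.new is read-only in an after trigger, so update copies,
        // and only for the records the running user is allowed to edit.
        List<Opportunity> toUpdate = new List<Opportunity>();
        for (Opportunity o : optyList) {
            if (editable.contains(o.Id)) {
                toUpdate.add(new Opportunity(Id = o.Id, SomeCustomField__c = 'Updated'));
            }
        }
        // The class is declared "with sharing", so this DML also enforces sharing.
        update toUpdate;
    }
}
```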