SaurabhGupta_

Can someone help me with the question below? I am confused by the answer.

Universal Containers (UC) has a requirement to expose a web service to their business partners. The web service will be used to allow each business partner to query UC's Salesforce instance to retrieve the status of orders. The business partner should only be allowed access to orders for which the business partner is the fulfillment vendor. The Architect does not want the business partners to utilize the standard APIs and would prefer a custom API be developed. Which three design elements should the Architect consider in order to ensure the data security of the solution? Choose 3 answers.
A. Query the Orders object with Dynamic SOQL based upon the fulfillment ID.
B. Set the Orders object's sharing settings to Private in the Org-Wide Defaults.
C. Provide each partner with their own Salesforce login set to API Enabled on the profile.
D. Develop a custom Apex web service with a fulfillment ID input attribute.
E. Develop a custom Apex web service using the "With Sharing" keyword.
Vladimir Satura

B, C, E - OWD to private + with sharing + own user that is owner of the records

Dynamic SOQL (A) does not help with sharing and record access.
Fulfillment ID as an input (D) does not help if any vendor can pass a fulfillment ID that belongs to a different vendor (and therefore see their records).

SaurabhGupta_
Thanks for the reply. But this user is not the owner of the record, so how will he get access to this order?
Vladimir Satura
Either the user will be the owner or you need some sharing rule in place.

You can also have a custom check on the current user in your web service code, but that is not in your options.
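
The contrast discussed in the replies above, as an added example that is not part of any post in this thread: a service that trusts a caller-supplied fulfillment ID beside one that relies on Private OWD, a per-partner login and `with sharing`. It assumes the standard `Order` object; the field `Fulfillment_Vendor_Id__c`, the class names and the URL mappings are hypothetical.

```apex
// Added illustration, not code from the thread. Assumes the standard Order
// object with OWD set to Private; Fulfillment_Vendor_Id__c is a hypothetical
// custom field and both class names and URL mappings are made up.

// Weak design (option D on its own): the caller names the vendor, and
// "without sharing" makes the query ignore record-level access. Any partner
// that passes another partner's fulfillment ID gets that partner's orders.
@RestResource(urlMapping='/orderStatusByVendor/*')
global without sharing class OrderStatusByVendor {
    @HttpGet
    global static List<Order> getOrders() {
        String vendorId = RestContext.request.params.get('fulfillmentId');
        return [SELECT OrderNumber, Status
                FROM Order
                WHERE Fulfillment_Vendor_Id__c = :vendorId];
    }
}

// Design from the B + C + E answer: no vendor input at all. Each partner
// authenticates with its own API-enabled login, and "with sharing" limits
// the result to records that user owns or has been granted through a
// sharing rule, so the platform decides which orders are visible.
@RestResource(urlMapping='/orderStatus/*')
global with sharing class OrderStatusService {
    @HttpGet
    global static List<Order> getOrders() {
        return [SELECT OrderNumber, Status
                FROM Order
                ORDER BY OrderNumber
                LIMIT 200];
    }
}
```

With the second class, a partner user who neither owns an order nor receives it through a sharing rule gets an empty list for it, which is the ownership question raised in the follow-up reply.
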
Raghu Chengalvarayan
C,D,A