Sign Up ›
  • MikeWare
  • NEWBIE
  • 0 Points
  • Member since 2007
  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 1
    Questions
  • 1
    Replies
12 replies

APEX Security Context

Things looked great at the APEX day demo yesterday.  My first concern, though, was over the security context in which code executes. I asked about this and was told that the code runs at adminstrator level.

This is something that seriously needs to be changed.  Of course it's the developer's responsibility to manage code to avoid undesirable results.  However, this is going to be extremely difficult.

If write some code that displays query results (or modifies data?!), but a user is normally not allowed to view or  those records, unwanted information will be displayed.  How would you even write code that would exclude those results? (sorry, there may be functions to do this, I'm just getting started writing code).  And if you did, you'd have to make everything conditional or have multiple controls or triggers.  I'm just trying to picture how even an advanced user would manage something like that - and your goal is to make "everyone" a developer?

Not good.  It's highly critical to have an option for functions to run at the user level.  In fact, that should be the default.  I hope that this is something that will be addressed soon.
12 replies

APEX Security Context

Things looked great at the APEX day demo yesterday.  My first concern, though, was over the security context in which code executes. I asked about this and was told that the code runs at adminstrator level.

This is something that seriously needs to be changed.  Of course it's the developer's responsibility to manage code to avoid undesirable results.  However, this is going to be extremely difficult.

If write some code that displays query results (or modifies data?!), but a user is normally not allowed to view or  those records, unwanted information will be displayed.  How would you even write code that would exclude those results? (sorry, there may be functions to do this, I'm just getting started writing code).  And if you did, you'd have to make everything conditional or have multiple controls or triggers.  I'm just trying to picture how even an advanced user would manage something like that - and your goal is to make "everyone" a developer?

Not good.  It's highly critical to have an option for functions to run at the user level.  In fact, that should be the default.  I hope that this is something that will be addressed soon.