Secure Apex Code with User Mode Database Operations (Generally Available)

 

The new Database and Search methods support an accessLevel parameter that lets you run database and search operations in user mode instead of in the default system mode. This feature, now generally available, includes some changes since the last release. Apex code runs in system mode by default, which means that it runs with substantially elevated permissions over the user running the code. To enhance the security context of Apex, you can specify user mode access for database operations. Field-level security (FLS) and object permissions of the running user are respected in user mode and it always applies sharing rules. In system mode, the class sharing keywords control the sharing rules.

Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.

How: You can indicate the mode of the operation by using WITH USER_MODE or WITH SYSTEM_MODE in your SOQL query. This example specifies user mode.

List<Account> acc = [SELECT Id FROM Account WITH USER_MODE];

Database operations can specify user or system mode. This example inserts a new account in user mode.

Account acc = new Account(Name='test');
insert as user acc;

The new AccessLevel class represents the two modes that Apex runs database operations in. Use this new class to define the execution mode as user mode or system mode.

We introduced the beta user mode feature in the Summer ’22 release and added more beta features in the Winter ’23 release. The two beta releases included this initial set of overloaded System.Database and System.Search methods that perform DML and query operations.

  • Database.query method
  • Database.countQuery method
  • Database.getQueryLocator methods
  • Search.query method
  • Database DML methods (insertinsertAsyncinsertImmediateupdateupdateAsyncupdateImmediateupsertmergedeletedeleteAsyncdeleteImmediateundelete, and convertLead)

We added these new methods in this GA release.

  • Database.queryWithBinds
  • Database.getQueryLocatorWithBinds
  • Database.countQueryWithBinds

Comments

Post a Comment

Popular posts from this blog

IsVisibleInSelfService on Task salesforce

I was working on assignment which required me to access Tasks and show on customer portal. I written the apex code and fired SOQL, but to my surprise none of Tasks were fetched. I thought its a permission issue from profile or sharing access issue. However at the end I found that there is a field on task object called  IsVisibleInSelfService  which derives the visibility of the tasks for customer portals. Even Apex code can't find the task if this boolean field is not set to true. Probably its trivial information but usefull when you are not aware of this :)
Read more

Too many batch retries in the presence of Apex triggers and partial failures.

Too many batch retries in the presence of Apex triggers and partial failures If you write and execute batch scripts then some time you might end up with this error, which may be difficult to understand. However proper explanation is given in the Salesforce documentation as below. Bulk DML Exception Handling Exceptions that arise from a bulk DML call (including any recursive DML operations in triggers that are fired as a direct result of the call) are handled differently depending on where the original call came from: When errors occur because of a bulk DML call that originates directly from the  Apex  DML statements, or if the  all_or_none  parameter of a database DML method was specified as true, the runtime engine follows the “all or nothing” rule: during a single operation, all records must be updated successfully or the entire operation rolls back to the point immediately preceding the DML statement. When errors occur because of a bulk DML call that ...
Read more

Governor limit SOQL 101 being suppressed

System.LimitException: Too many SOQL queries: 101 Did anyone faced scenario where SOQL 101 governor limit is not being reported to user interface (UI), instead it is being logged into debug logs ? Please provide your thoughts in the comments if there exists any possible scenario. As far as I know, Governor limits can not be suppressed and will be shown to user on the UI. However I am facing below scenario where SOQL 101 limit is being logged into debug log and not being shown in the UI. 1.User converts the lead. 2.Account, Opportunity, Contact created. 3.User is successfully redirected to newly created account page. 4.All the references are correct. Like ConvertedAccountId, convertedOpptyId etc. When I go to the Debug logs, There SOQL 101 (System.LimitException: Too many SOQL queries: 101) is being shown. If dig more in the debug logs then I found that this exception came while Opportunity Before Update trigger. The question is, Since all this is happening in sing...
Read more