As we all know, security is always the number 1 priority for Salesforce, so a critical update is coming to all of our Salesforce environments. It will change the way we provide access to @AuraEnabled Apex methods.
In this post, you can expect:
What problem is this update going to solve?
When can we expect this update in our environments?
Show me the problem
Show me the solution(s)
Show me all the places where I need to make this change
What problem is this update going to solve?
When we write a Lightning Component or Lightning Web Component today, we write Apex classes for any type of server operation and annotate the methods with @AuraEnabled. Today we don't have an option to restrict access to our @AuraEnabled methods.
That is why Salesforce came up with this critical update, where you need to specify who can access your @AuraEnabled methods. I will explain this update with an example later in this post.
When can we expect this update in our environments?
Show me the problem
Let's say we have the Lightning Web Component below, where we pass a string to the @AuraEnabled controller class and the class returns a list of Contacts. Finally, the component displays the list of contacts. Below is the code –
This is what the Lightning Web Component looks like –
This setup will work until we enable the below critical update, which you can find under
Setup -> Release Updates (Beta)
Now if we enable this update and try to access the same page again, we will see the error below in the console window –
From the message, it is clear that the user does not have access to ContactSearchController.
Show me the solution(s)
We have two options today: either grant the permission at the user's profile level, or assign permission sets (selecting the Apex class permission there) to users.
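One way to check these grants offline before enabling the update, as an added example that is not code from the original post: it reads Apex class sources plus Profile and PermissionSet metadata (Apex class access is stored there as `classAccesses` entries) and lists, for each class containing @AuraEnabled, the files that grant it. The class bodies, the file names and every class name other than ContactSearchController are constructed sample input.

```python
import re
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}  # Metadata API namespace
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*", re.DOTALL)  # Apex block and line comments
AURA = re.compile(r"@AuraEnabled\b", re.IGNORECASE)      # Apex is case-insensitive

def has_aura_enabled(apex_source):
    """True if the class source carries @AuraEnabled outside of comments."""
    return bool(AURA.search(COMMENTS.sub("", apex_source)))

def granted_classes(metadata_xml):
    """Lower-cased Apex class names that one Profile/PermissionSet file enables."""
    granted = set()
    for access in ET.fromstring(metadata_xml).findall("md:classAccesses", NS):
        if access.findtext("md:enabled", "", NS).strip().lower() == "true":
            granted.add(access.findtext("md:apexClass", "", NS).strip().lower())
    return granted

def access_report(apex_sources, metadata_files):
    """Map each @AuraEnabled class to the metadata files that grant access to it."""
    grants = {name: granted_classes(xml) for name, xml in metadata_files.items()}
    return {cls: sorted(f for f, g in grants.items() if cls.lower() in g)
            for cls, src in apex_sources.items() if has_aura_enabled(src)}

# Constructed sample input (illustrative only, not the post's code).
APEX = {
    "ContactSearchController": "public with sharing class ContactSearchController {\n"
        "  @AuraEnabled(cacheable=true)\n"
        "  public static List<Contact> search(String key) { return null; }\n}",
    "OrderController": "public class OrderController {\n"
        "  @auraenabled public static void submit() {}\n}",
    "LegacyUtil": "public class LegacyUtil {\n  // @AuraEnabled removed\n"
        "  public static void run() {}\n}",
}

def _meta(kind, cls, enabled):
    """Build a minimal Profile or PermissionSet document for the sample."""
    return (f'<{kind} xmlns="http://soap.sforce.com/2006/04/metadata"><classAccesses>'
            f"<apexClass>{cls}</apexClass><enabled>{enabled}</enabled>"
            f"</classAccesses></{kind}>")

METADATA = {
    "Contact_Search.permissionset": _meta("PermissionSet", "ContactSearchController", "true"),
    "Sales.profile": _meta("Profile", "OrderController", "false"),
}

if __name__ == "__main__":
    for cls, files in access_report(APEX, METADATA).items():
        print(cls, "->", ", ".join(files) or "NO GRANT FOUND")
```

A class that comes back with an empty list has no enabled grant in the files scanned, so it is a candidate for a profile or permission set change.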
Show me all the places where I need to make this change
Salesforce came up with an unlocked package, named @AuraEnabled Scanner, which you can install from https://<myDomain>.lightning.force.com/packaging/installPackage.apexp?p0=04tB0000000ZQHxIAO, where <myDomain> is the name of your custom Salesforce domain.
Once it is installed, open the app by going to https://<myDomain>.lightning.force.com/c/AuraEnabledScanner.app. You need to have the AuraEnabled Scanner User permission set assigned to you so that you can access this app.
The app will show you all the places where you need to make this change, as shown below –