Category: security

How to restrict @AuraEnabled method access for Authenticated users

As we all know, security is always the number 1 priority for Salesforce, so there is a critical update coming to all of our Salesforce environments. This will change the way we provide access to AuraEnabled Apex methods. From this post, you can expect:

- What problem is this update going to solve?
- When can we expect this update in our environments?
- Show me the problem
- Show me the solution(s)
- Show me all the places where I need to make this change

What problem is this update going to solve?

When we write our Lightning Component or Lightning Web Component today, for any type of server operation, we write Apex classes and annotate the method with @AuraEnabled. Today we don't have an option to restrict access to our AuraEnabled methods. That is why Salesforce came up with this important critical update, where you need to specify who can access your AuraEnabled methods. I will explain this update with an example later in this post.

When can we expect this update in our environments?

This update, "Restrict @AuraEnabled Apex methods to authenticated users", came as part of Salesforce's Winter '20 release. Enforcement will start on August 9th, 2020.

Show me the problem

Let's say we have the Lightning Web Component below, where we pass a string to the AuraEnabled controller class and the class returns a list of Contacts. Finally, the component displays the list of contacts. Below is the...

Implicit Sharing in Salesforce

In Lightning Platform, Salesforce provides multiple options to administrators so that they can grant data access to different users, groups and teams. But there is also something implemented and maintained by Salesforce itself which gives users relational data access based on their access to other records. In Lightning Platform, it is known as Implicit Sharing. Administrators cannot change the way implicit sharing works, so it is very important to understand the different types of implicit sharing we have in the platform.

Nice to check out: Salesforce Spring 21 Release Feature, Salesforce Certification Notes, Salesforce Release Video Tutorials, Salesforce Lightning Flow Video Tutorials

In this blog post, I am going to explain the different types of Implicit Sharing and how they work.

To understand it, let's first consider the Account and Contact objects. These two objects are linked with each other. Let's say the Organization-Wide Default for both Account and Contact is set to Private, i.e. only the record owner can see the records they created or own.

With the above assumptions, here are the different kinds of Implicit Sharing we have:

Parent Implicit Sharing: This sharing provides read-only access to the parent record if the user has access to the child record. Example: refer to the picture below. Here Bob gets read-only access to the Account because he has access to the Contact (because Jimmy manually shared the contact with Bob). The level of Account access...

Delegate Administrator

In a big organization, a single admin can become a big problem in terms of bandwidth. Normally admins get multiple requests, like creating users, updating profiles, resetting passwords, running reports etc., along with their daily meetings. So it is really difficult for a single admin to handle all these requests by himself/herself. That is the point where admins want to delegate some of their work to others (trusted colleagues). But trust me, it is a big decision. You should not give all the admin privileges to your colleagues even if he/she is a very trusted employee. Rather, you should delegate a few specific tasks to your colleagues. In Salesforce, we can do the same with DELEGATE ADMINISTRATION. So basically a Delegate Administrator is a named user who is allowed to manage other users within selected roles and profiles, as well as manage selected custom objects. With Delegate Administration, you can configure named users to do the following:

Role & Subordinates: A Delegate Administrator can create and edit users with specific roles and their subordinates. They can't modify the role hierarchy though.

Profile: A Delegate Administrator can assign users (that they create or edit) to assigned profiles. They can't modify the profile.

Permission Set: A Delegate Administrator can add/remove selected permission sets for users (that they create or edit) in the assigned profiles. They can't modify the permission set.

Public Group: A Delegate Administrator can add/remove selected public groups for users (that they create or edit)...

Understand Field’s Visibility with Field-Level Security and Page Layout

We all know that Field-Level Security (FLS) and Page Layout are very important concepts. But let us understand the concept with multiple use cases. I always believe going through use cases/scenarios is the best way to learn a concept.

Use Case 1:
Object Name: Student
Field Name: Student Name
Field is required: Yes

Let's try to change the field's security both at the profile level and through the page layout.

Changing through Field-Level Security at the Profile Level (say for profile: Sales User): You can't change Field-Level Security for a field if the field is marked as required during declaration. The field will be visible for all the profiles, as shown below.

So is it possible to do something in the page layout? Let's check. Seems like here also you can't make any changes. Below is the screenshot.

So the conclusion is that if a field is marked as required during declaration, that field will remain required and visible in all the page layouts. You can't make that field read-only either.

Use Case 2:
Object Name: Student
Field Name: Student Age
Field is required: No

Now we can have multiple scenarios. They are listed below.

Scenario 1:
Visible for Profile – Sales User: No
Visible for Profile – Executive User: Yes
Required in Page Layout: Yes
Observation:
Logged in as Adams, Karen (Profile – Sales User)
Logged in as Bassi, Brent (Profile – Executive User)

Scenario 2:
Visible for Profile – Sales User: Yes
Read Only for Profile...

Campaign in Salesforce and Security involved

The very basic question that comes to my mind is: what is a Campaign? Here is a very good blog post regarding how you would define a Campaign: What is a Salesforce.com Campaign?

Who can access Campaigns? Let's understand this with the use case below.

Use Case: Let's say we have a custom profile named "Sales User" with the below permissions on the Campaign object. Now I have two users with this profile:
User 1 – Kevin Bailey, with the Marketing User checkbox checked, and
User 2 – Karen Adams, with the Marketing User checkbox unchecked.

So what will happen here is that both Kevin and Karen can view campaigns and run campaign reports, but only Kevin can create new campaigns or edit existing campaigns.

Note: In order to create/edit Campaigns, the Marketing User checkbox should be checked and the Create/Edit permission should be there on the Campaign object.

Let's summarise the permission information as:
To view a Campaign – "Read" on Campaign.
To create a Campaign – "Create" on Campaign + "Marketing User" checkbox checked.
To change a Campaign – "Edit" on Campaign + "Marketing User" checkbox checked.
To use the Import Lead wizard – "Edit" on Campaign + "Marketing User" checkbox checked + "Import Lead" checkbox checked on the user details page.
To use the Campaign Update wizard – "Edit" on Campaign + "Marketing User" checkbox checked + "Import Lead" checkbox checked on the user details page + "Read" on...
