You're reading from Mastering Apex Programming A developer's guide to learning advanced techniques and best practices for building robust Salesforce applications

Product type Paperback

Published in Nov 2020

Publisher Packt

ISBN-13 9781800200920

Length 368 pages

Edition 1st Edition

Languages

Apex

Tools

Salesforce

Concepts

Enterprise Resource Planning

Author (1):

Paul Battisson

View More author details

Table of Contents (21) Chapters

Preface

1. Section 1 – Triggers, Testing, and Security

2. Chapter 1: Common Apex Mistakes FREE CHAPTER

3. Chapter 2: Debugging Apex

4. Chapter 3: Triggers and Managing Trigger Execution

5. Chapter 4: Exceptions and Exception Handling

6. Chapter 5: Testing Apex Code

7. Chapter 6: Secure Apex Programming

8. Section 2 – Asynchronous Apex and Apex REST

9. Chapter 7: Utilizing Future Methods

10. Chapter 8: Working with Batch Apex

11. Chapter 9: Working with Queueable Apex

12. Chapter 10: Scheduling Apex Jobs

13. Chapter 11: Using Platform Events

14. Chapter 12: Apex REST and Custom Web Services

15. Section 3 – Apex Performance

16. Chapter 13: Performance and the Salesforce Governor Limits

17. Chapter 14: Performance Profiling

18. Chapter 15: Improving Apex Performance

19. Chapter 16: Performance and Application Architectures

20. Other Books You May Enjoy

Leave a review - let other readers know what you think

Enforcing object and field permissions

As previously mentioned, all Apex runs in System Mode and has access to all metadata and data within the org. This means that regardless of what permissions the user may have on an object or field, Apex can see all objects and fields. This again has some positive and negative consequences:

On the positive side, we are now able to ensure that our code can act in ways that our user could not through a standard user interface. For example, we may have a field storing sensitive data that the user should not see or have access to for compliance reasons. Our code can still access this field on behalf of the user to enable it to be used within their workflow. As long as the code is correctly encapsulated and limited in how it is accessed, this is a great way of both enforcing permissions and allowing the desired business process to operate freely.
On the negative side, this model means that if we are not careful, then we can accidentally...