In the world of data management, security and access control are paramount. In this chapter, we will explore how Salesforce’s security model integrates with SOQL to provide a robust framework for safeguarding your data. We’ll delve into understanding object and field-level security, sharing settings, record visibility, and how SOQL plays a crucial role in enforcing data privacy and compliance.
Object and Field-Level Security
Salesforce employs a comprehensive security model that controls access to objects and fields at various levels. Object-level security determines whether users can access an entire object, while field-level security governs access to specific fields within an object.
Consider an example where you want to retrieve accounts along with their names and annual revenue:
SELECT Name, AnnualRevenue FROM Account
If the running user doesn’t have read access to the AnnualRevenue field, this query does not fail. SOQL executed from Apex runs in system mode, so object and field-level security are not checked unless you ask for them, and the revenue value is handed to a user who should not see it.
To enforce field-level security, add the WITH SECURITY_ENFORCED clause. With it, the query succeeds only if the running user has read access to every object and field it references; otherwise it fails rather than returning data:
SELECT Name, AnnualRevenue FROM Account WITH SECURITY_ENFORCED
Querying polymorphic lookup fields with WITH SECURITY_ENFORCED has limitations. Polymorphic fields are relationship fields that can reference more than one object type. Traversing a polymorphic relationship is not supported in a query that uses WITH SECURITY_ENFORCED, so the clause cannot be added to a query like this one, which reaches through the What field to the related record’s Name:
SELECT Id, What.Name FROM Event WHERE What.Type IN ('User','Calendar')
Furthermore, a TYPEOF expression with an ELSE clause is not permitted in a query that uses WITH SECURITY_ENFORCED. TYPEOF is used in a SELECT clause to name the fields wanted for each type a polymorphic relationship can point to. As a result, a query like this one, which selects specific fields for Account and Opportunity and falls back to Name and Email for every other type, cannot be combined with WITH SECURITY_ENFORCED:
SELECT TYPEOF What WHEN Account THEN Phone WHEN Opportunity THEN Amount ELSE Name, Email END FROM Event
The Owner, CreatedBy, and LastModifiedBy polymorphic lookup fields are exceptions to this limitation: traversing those relationships is allowed under WITH SECURITY_ENFORCED.
To pass the AppExchange Security Review, use API version 48.0 or later when you rely on WITH SECURITY_ENFORCED; API versions in beta or pilot are not accepted.
When a field or object referenced in a SOQL SELECT query that uses WITH SECURITY_ENFORCED is inaccessible to the user, a System.QueryException is thrown and no data is returned, not even the accessible part of the result.
To enforce object and field permissions on the User object and safeguard a user’s personal information from other users in organizations with Experience Cloud sites, consult the guidelines on Enforcing Object and Field Permissions.
- If read access to either Contact.LastName or Opportunity.Description is restricted, the fields inside the subqueries are checked as well, so a query like this one throws an exception for insufficient permissions:
List<Account> act1 = [SELECT Id, (SELECT LastName FROM Contacts), (SELECT Description FROM Opportunities) FROM Account WITH SECURITY_ENFORCED];
- Fields reached through a relationship are checked too: if access to the Website field is restricted, this query throws an exception for insufficient permissions:
List<Account> act2 = [SELECT Id, Parent.Name, Parent.Website FROM Account WITH SECURITY_ENFORCED];
- Fields used inside aggregate functions are no exception: if access to the Type field is restricted, this query throws an exception for insufficient permissions:
List<AggregateResult> agr1 = [SELECT GROUPING(Type) FROM Opportunity WITH SECURITY_ENFORCED GROUP BY Type];
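To see the two behaviours side by side, here is an added Apex test (example code written for this page, not code from the original post) that runs the same Account query with and without WITH SECURITY_ENFORCED as a user who cannot read AnnualRevenue. It assumes the org has a profile named 'Minimum Access - Salesforce' that grants no read access to that field; the profile name, the user details and the Account record are constructed test data and should be adjusted for your org.

```apex
@IsTest
private class SoqlFlsEnforcementTest {
    // Assumption: this profile exists and does not grant read access to
    // Account.AnnualRevenue. Change it to a restricted profile in your org.
    private static final String RESTRICTED_PROFILE = 'Minimum Access - Salesforce';

    private static User createRestrictedUser() {
        Profile p = [SELECT Id FROM Profile WHERE Name = :RESTRICTED_PROFILE LIMIT 1];
        User u = new User(
            Alias = 'flstest',
            Email = 'flstest@example.com',
            EmailEncodingKey = 'UTF-8',
            LastName = 'FlsTest',
            LanguageLocaleKey = 'en_US',
            LocaleSidKey = 'en_US',
            ProfileId = p.Id,
            TimeZoneSidKey = 'America/Los_Angeles',
            Username = 'flstest.' + DateTime.now().getTime() + '@example.com'
        );
        // Inserting a User (a setup object) after inserting an Account raises
        // MIXED_DML_OPERATION; running the setup DML as the current user avoids it.
        System.runAs(new User(Id = UserInfo.getUserId())) {
            insert u;
        }
        return u;
    }

    @IsTest
    static void plainQueryIgnoresFlsButSecurityEnforcedRejectsIt() {
        insert new Account(Name = 'Acme', AnnualRevenue = 1000000); // constructed sample record
        User restricted = createRestrictedUser();

        System.runAs(restricted) {
            // Sanity check on the assumption: this user really cannot read the field.
            System.assert(
                !Schema.SObjectType.Account.fields.AnnualRevenue.isAccessible(),
                'Test user must not have read access to AnnualRevenue'
            );

            // 1. Plain SOQL runs in system mode: FLS is not checked, the value comes back.
            Account a = [SELECT Name, AnnualRevenue FROM Account WHERE Name = 'Acme' LIMIT 1];
            System.assert(a.AnnualRevenue == 1000000, 'System-mode query returned the field');

            // 2. WITH SECURITY_ENFORCED: the same query is rejected outright; no rows at all.
            Boolean rejected = false;
            try {
                List<Account> rows = [SELECT Name, AnnualRevenue FROM Account WITH SECURITY_ENFORCED];
            } catch (System.QueryException e) {
                rejected = true;
                System.debug(LoggingLevel.INFO, 'Rejected as expected: ' + e.getMessage());
            }
            System.assert(rejected, 'WITH SECURITY_ENFORCED must throw System.QueryException');
        }
    }
}
```

The first assertion is the one that matters in practice: it proves the test user is actually restricted, so a green test cannot be explained by an over-permissive profile. The same pattern, a runAs block around a restricted user plus a catch of System.QueryException, is the cheapest way to show a reviewer that every query in a class enforces field-level security.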
Enforcing FLS and Sharing in Apex
In Apex, you have to enforce object and field-level security and sharing explicitly. Consider a query that retrieves contacts in a given city:
List<Contact> contacts = [SELECT Id, FirstName, LastName FROM Contact WHERE MailingCity = 'San Francisco'];
Run from a class with no sharing keyword, this returns every matching contact, including ones the user could not open in the UI, and every requested field, whether or not the user may read it. To remove the fields the running user cannot read, pass the result to Security.stripInaccessible with AccessType.READABLE. The method returns an SObjectAccessDecision, and its getRecords() method holds the sanitized records:
SObjectAccessDecision decision = Security.stripInaccessible(
    AccessType.READABLE,
    [SELECT Id, FirstName, LastName FROM Contact WHERE MailingCity = 'San Francisco']
);
List<Contact> accessibleContacts = (List<Contact>) decision.getRecords();
Be precise about what stripInaccessible does and does not do. It enforces field-level security by removing inaccessible fields from each record, and it throws System.NoAccessException if the user cannot read the object at all; it does not remove records. Which records the user may see is a sharing question, and you enforce sharing by declaring the class with sharing, or by adding WITH USER_MODE to the query, which enforces field-level security and sharing together.
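Putting the two mechanisms together, here is an added Apex service class (example code written for this page, not code from the original post) that uses with sharing for record visibility and Security.stripInaccessible for field-level security. The class name, method names and the Email and Phone fields are choices made for the example.

```apex
public with sharing class ContactAccessService {
    // 'with sharing' makes the query honour org-wide defaults, the role hierarchy
    // and sharing rules, so records the running user cannot see are never returned.
    // Security.stripInaccessible then handles field-level security on what remains.
    public static List<Contact> findContactsInCity(String city) {
        SObjectAccessDecision decision = Security.stripInaccessible(
            AccessType.READABLE,
            [SELECT Id, FirstName, LastName, Email, Phone
             FROM Contact
             WHERE MailingCity = :city]
        );

        // getRemovedFields() maps object name -> fields stripped for this user.
        // Worth logging: it tells you which fields a caller is silently not seeing.
        Map<String, Set<String>> removed = decision.getRemovedFields();
        if (removed.containsKey('Contact')) {
            System.debug(LoggingLevel.INFO,
                'Stripped for ' + UserInfo.getUserName() + ': ' + removed.get('Contact'));
        }

        // Same rows the query returned, minus the fields the user may not read.
        return (List<Contact>) decision.getRecords();
    }

    // Reading a stripped field from a returned record throws System.SObjectException,
    // so callers that use a field conditionally should test for it first.
    public static String displayEmail(Contact c) {
        return c.isSet('Email') ? c.Email : '(hidden)';
    }
}
```

The isSet check is the part people forget: a stripped field is not null, it is absent from the sObject, and touching it fails. If the running user has no read permission on Contact at all, stripInaccessible throws System.NoAccessException rather than returning an empty list, so callers that want a soft failure need to catch it.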
Handling Exceptions and Error Messages
SOQL queries executed in Apex can generate exceptions or error messages related to security and access control. These exceptions are crucial for maintaining data integrity and ensuring that users can’t bypass security measures.
For instance, a query that uses WITH SECURITY_ENFORCED and references a field or object the user cannot read fails with a System.QueryException, and no rows are returned. Security.stripInaccessible does not throw for a missing field permission (it strips the field instead), but it throws a System.NoAccessException when the running user has no read access to the object itself. Sharing behaves differently again: a record the user cannot see under the sharing settings causes no exception. A query run with sharing simply omits it, so an empty result can mean "not visible to this user" rather than "does not exist".
Developers should handle these exceptions appropriately by incorporating error handling mechanisms in their Apex code. This ensures that users receive accurate and actionable error messages when attempting to access restricted data.
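As an added example of that error handling (written for this page, not code from the original post), here is an Apex controller for a Lightning component that enforces sharing and field-level security, degrades gracefully when only the revenue field is hidden, and turns a hard access failure into a message the user can act on. The class and method names, the 200-row limit and the wording of the message are choices made for the example.

```apex
public with sharing class SecureAccountController {
    // 'with sharing' enforces record visibility; WITH SECURITY_ENFORCED enforces
    // object and field-level security; the catch block shapes the error for the UI.
    @AuraEnabled(cacheable=true)
    public static List<Account> getAccounts() {
        // Degrade gracefully: only ask for AnnualRevenue when the user can read it,
        // so a missing field permission hides the column instead of breaking the page.
        Boolean canSeeRevenue = Schema.SObjectType.Account.fields.AnnualRevenue.isAccessible();
        String soql = 'SELECT Id, Name' + (canSeeRevenue ? ', AnnualRevenue' : '')
            + ' FROM Account WITH SECURITY_ENFORCED ORDER BY Name LIMIT 200';

        try {
            // WITH SECURITY_ENFORCED is still the hard guarantee: if the describe
            // check above were ever wrong, or the user cannot read Account at all,
            // the query fails rather than returning data.
            return (List<Account>) Database.query(soql);
        } catch (System.QueryException e) {
            // Keep the detail (which object or field failed) server-side for admins...
            System.debug(LoggingLevel.WARN,
                'Access check failed for ' + UserInfo.getUserName() + ': ' + e.getMessage());
            // ...and give the user an actionable message without internal detail.
            throw new AuraHandledException(
                'You do not have permission to view account data. '
                + 'Ask your administrator for read access to the Account object.');
        }
    }
}
```

Two design points. The describe check is a convenience for the user experience, not the security control; the control is the clause in the query, which is why the catch is still present. And AuraHandledException is what lets the component show the message: an uncaught System.QueryException reaches the client as a generic script error, which is neither accurate nor actionable.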
Security and access control form the bedrock of any data management system, and Salesforce’s security model is designed to provide a robust framework for protecting sensitive information. In this chapter, you’ve explored how SOQL integrates seamlessly with Salesforce’s security measures, enforcing object and field-level security, respecting sharing settings, and ensuring proper record visibility.
By using WITH SECURITY_ENFORCED, Security.stripInaccessible() and sharing-aware Apex classes, you can build applications that adhere to data privacy and compliance requirements. By handling the resulting exceptions, you give users accurate feedback and make the security restrictions in place understandable.
As you continue to master the intricacies of SOQL, you’ll find that integrating security and access control measures ensures that your Salesforce data remains confidential, secure, and compliant with regulatory standards. In the next chapter, we’ll explore performance optimization techniques for SOQL queries, enabling you to retrieve and manipulate data efficiently and effectively, even at scale. Get ready to elevate your data manipulation prowess and streamline your query execution for optimal performance!
About the blog
SFDCLessons is a blog where you can find various Salesforce tutorials and tips written to help beginners and experienced developers alike. We also share our experience and knowledge of Salesforce best practices, troubleshooting, and optimization.