Apex Inherited Sharing - Winter19

You can now specify the inherited sharing keyword on an Apex class, which allows the class to run in the sharing mode of the class that called it. Using inherited sharing enables you to pass security review and ensure that your privileged Apex code is not used in unexpected or insecure ways. An Apex class with inherited sharing runs as with sharing when used as a Visualforce page controller, Apex REST service, or an entry point to an Apex transaction.

Apex without a sharing declaration is insecure by default. Designing an Apex class that can run in either with sharing or without sharing mode at runtime is an advanced technique, and such a class can be difficult to distinguish from one where a specific sharing declaration was accidentally omitted. An explicit inherited sharing declaration makes the intent clear, avoiding ambiguity arising from an omitted declaration or false positives from security analysis tooling.

There is a distinct difference between an Apex class that is marked with inherited sharing and one with an omitted sharing declaration. If the class is used as the entry point to an Apex transaction, an omitted sharing declaration runs as without sharing. However, inherited sharing ensures that the default is to run as with sharing. A class declared as inherited sharing runs only as without sharing when explicitly called from an already established without sharing context.
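
The difference described above, as an added example that is not from the original post. All class and method names are hypothetical, and each top-level class would be saved in its own file:

```apex
// AccountSelector.cls (hypothetical name)
// Runs in the sharing mode of its caller. Used as the entry point of a
// transaction (Visualforce controller, Apex REST service), it runs as with sharing.
public inherited sharing class AccountSelector {
    public List<Account> recentAccounts() {
        // Which rows come back depends on the sharing mode in effect at runtime.
        // Sharing keywords govern record visibility only; object and field
        // permissions are checked separately.
        return [SELECT Id, Name FROM Account ORDER BY CreatedDate DESC LIMIT 50];
    }
}

// AccountListController.cls (hypothetical name)
// Caller that enforces sharing rules: the selector returns only records
// the running user can see.
public with sharing class AccountListController {
    public List<Account> getAccounts() {
        return new AccountSelector().recentAccounts();
    }
}

// AccountMaintenanceService.cls (hypothetical name)
// Caller that explicitly establishes a without sharing context. This is the
// only situation in which AccountSelector runs as without sharing.
public without sharing class AccountMaintenanceService {
    public Integer countRecentAccounts() {
        return new AccountSelector().recentAccounts().size();
    }
}

// LegacyAccountSelector.cls (hypothetical name), shown for contrast
// No sharing declaration: if this class is the entry point of a transaction,
// it runs as without sharing. A reviewer or scanner cannot tell whether the
// omission is deliberate.
public class LegacyAccountSelector {
    public List<Account> recentAccounts() {
        return [SELECT Id, Name FROM Account ORDER BY CreatedDate DESC LIMIT 50];
    }
}
```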
