Security in Salesforce and on the Force.com platform can be really hard to understand. In this blog post, we’re going to have a look at the “With Sharing” and “Without Sharing” Apex keywords.
This past year, Salesforce has finally released some security enhancements that can make our lives easier as developers.
There’s two enhancements that can really improve our code and reduce the use of the Schema.sObjectType methods.
Salesforce has quite a bit of built in security; and has lots of security features that can be customized. Access to most parts of the Salesforce / Force.com platform isn’t actually available until a user has been authenticated.
A few weeks ago, I began studying for Admin Certifications, and was fortunate to find this photo on twitter that @SalesforceBen had shared.
Security in Salesforce can basically be broken up into profiles and roles. Although they sound pretty similar, profiles and roles do have some differences. Profiles determine record privileges, and determine what the user can do. Profiles also control some salesforce system privileges. Roles or “Role Hierarchy” allows the user to access subordinate’s records, but doesn’t allow upward access.
While Salesforce has a lot of built in security, there’s still some of the standard risks such as Cross Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and SQL Injection (SOQL Injection). The Salesforce Security Guide can help reduce some of these risks.