Secure Salesforce:
CRUD, FLS, and Sharing
Daphne Kao
Senior Product Security Engineer
@daphnekao
Ryan Flood
Associate Product Security Engineer
Secure Salesforce at Dreamforce 2015
•  10 DevZone Talks and 2 Lightning Zone Talks covering all aspects of Security on the Salesforce Platform
•  Visit our booth in the DevZone with any security questions
•  Check out the schedule and details at http://bit.ly/DF15Sec
•  Admin-related security questions? Join us for coffee in the Admin Zone Security Cafe
Safe harbor statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties
materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed
or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-
looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any
statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new,
planned, or upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new
functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our
operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any
litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our
relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our
service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger
enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our
annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter.
These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section
of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available
and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features
that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
Safe Harbor
Principle of Least Privilege
•  Users should have only the minimum access required to accomplish their duties, so that the damage they can do with excess privilege, whether deliberately or by accident, is kept to a minimum.
Contexts
•  User context: Enforces user permissions, field-level security, and sharing rules of the current user.
•  System context: Ignores user permissions, field-level security, and sharing rules of the current user.
Background
CRUD
What is CRUD?
•  Defines a user’s access to each object
•  Controlled on the profile
Create, Read, Update, Delete
Apex classes do not enforce CRUD
•  Runs in system context
Visualforce pages enforce CRUD when bound directly to sObject fields
•  Runs in user context
CRUD for Developers
Enforcing CRUD in Apex
<sObject>.sObjectType.getDescribe()
•  isCreateable()
•  isAccessible()
•  isUpdateable()
•  isDeletable()
public class MyController {
    public String getMyAccount() {
        // Object-level read check: stop before any Account SOQL runs in system context
        if (!Account.sObjectType.getDescribe().isAccessible()) {
            return '';
        }
        Account a = [SELECT Name FROM Account LIMIT 1];
        return a.Name;
    }
}
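As an added example (not code from the deck), the four describe calls above wrapped in a small guard that a controller calls before each DML statement, so a missing object permission fails loudly instead of being silently ignored in system context. The class name CrudGuard, the Op enum, CrudException and the use of Account are assumptions for this example; the enum values carry an _OP suffix because insert, update and delete are reserved words in Apex.

```apex
// Added example, not part of the original slides.
// Declared with sharing to follow the deck's advice of always stating a sharing mode;
// note that the keyword covers record visibility only, never CRUD, which is what this class adds.
public with sharing class CrudGuard {
    // Reserved words (insert, update, delete) cannot be enum values, hence the suffix.
    public enum Op { CREATE_OP, READ_OP, UPDATE_OP, DELETE_OP }

    public class CrudException extends Exception {}

    // True when the running user's profile grants the object permission for `op`.
    public static Boolean allowed(Schema.SObjectType objType, Op op) {
        Schema.DescribeSObjectResult d = objType.getDescribe();
        if (op == Op.CREATE_OP) return d.isCreateable();
        if (op == Op.READ_OP)   return d.isAccessible();
        if (op == Op.UPDATE_OP) return d.isUpdateable();
        return d.isDeletable();
    }

    // Throws rather than returning a flag, so a forgotten check cannot be ignored.
    public static void require(Schema.SObjectType objType, Op op) {
        if (!allowed(objType, op)) {
            throw new CrudException(op.name() + ' not permitted on ' + objType.getDescribe().getName());
        }
    }

    // Read: the SOQL itself would succeed in system context, so gate it first.
    public static List<Account> readAccounts(Set<Id> ids) {
        require(Account.sObjectType, Op.READ_OP);
        return [SELECT Id, Name FROM Account WHERE Id IN :ids];
    }

    // Create: records supplied by the page are inserted only if the profile allows it.
    public static void createAccounts(List<Account> rows) {
        require(Account.sObjectType, Op.CREATE_OP);
        insert rows;
    }

    // Update: same pattern before the DML statement.
    public static void updateAccounts(List<Account> rows) {
        require(Account.sObjectType, Op.UPDATE_OP);
        update rows;
    }

    // Delete: Apex DML ignores the profile's Delete permission, so the guard is the only check.
    public static void deleteAccounts(Set<Id> ids) {
        require(Account.sObjectType, Op.DELETE_OP);
        delete [SELECT Id FROM Account WHERE Id IN :ids];
    }
}
```

The check sits immediately before the operation it protects, which is the practice the deck recommends; checking once at page load and then performing DML later leaves a window in which a permission change is not noticed.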
Enforcing CRUD in Visualforce
Visualforce code patterns that respect Read in CRUD (the expression is bound directly to an sObject field):
1.  <apex:outputField value="{!sObject.Field__c}"/>
2.  <apex:outputText value="{!sObject.Field__c}"/>
3.  {!sObject.Field__c}
Visualforce code pattern that does not respect Read (the value comes from a controller property, not an sObject field):
1.  <apex:outputText value="{!Object.String}"/>
CRUD Demo
Best Practices and Q&A for CRUD
•  Always check CRUD permissions before performing the operation.
FLS
What is FLS?
•  Defines a user’s access to the fields of a given object
•  Controlled on the profile
Field-Level Security
Apex classes do not enforce FLS
•  Runs in system context
Visualforce pages enforce FLS
•  Runs in user context
•  Does not enforce FLS for dereferenced fields, i.e. values copied out of the sObject into a controller property
•  {!Contact.Email} (sObject field reference) = FLS enforced
•  {!contactEmail} (String property copied from the field) = FLS not enforced
FLS for Developers
Enforcing FLS in Apex
Schema.sObjectType.<sObject>.fields.<field>
•  isAccessible()
•  isUpdateable()
public class MyController {
    public String getMyAccount() {
        // Field-level read check on Account.Name; the object-level CRUD check belongs next to it
        if (!Schema.sObjectType.Account.fields.Name.isAccessible()) {
            return '';
        }
        Account a = [SELECT Name FROM Account LIMIT 1];
        return a.Name;
    }
}
Apex:
Random_Sensitive_Object_1__c r = [SELECT Sensitive_Number__c FROM Random_Sensitive_Object_1__c LIMIT 1]; // Salesforce sObject
wRandom_Sensitive_Object_1 wR = new wRandom_Sensitive_Object_1(); // Custom wrapper object (plain Apex class)
wR.Sensitive_Number = r.Sensitive_Number__c; // the value is now a primitive with no field metadata attached
Visualforce:
<apex:outputText value="{!r.Sensitive_Number__c}" /> <!-- FLS RESPECTED: bound to an sObject field -->
<apex:outputText value="{!wR.Sensitive_Number}" /> <!-- FLS IGNORED: bound to a wrapper primitive -->
When an sObject field is assigned to a primitive
When does the Platform stop respecting FLS?
FLS Demo
Best Practices and Q&A for FLS
•  Use sObject references whenever possible, so the platform can enforce FLS for you.
•  Where a wrapper or other primitive is unavoidable, iterate through your list of fields and check FLS for each field before copying its value.
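The wrapper slide above shows where the platform stops enforcing FLS; this added example (not the deck's own code) shows the corresponding fix from the best-practice list: a controller that iterates over the fields it intends to expose, checks isAccessible() on each field's describe result before copying it into a wrapper of primitives, and checks isUpdateable() on the way back. The class and method names, the FlsException type, the Contact object and the Email/Phone/Title allow-list are assumptions for the example.

```apex
// Added example, not part of the original slides.
public with sharing class ContactFlsController {
    // Allow-list of field API names the page exposes (constructed for this example).
    // Because the names are hard-coded here, splicing them into dynamic SOQL cannot be injected into.
    public static final List<String> EXPOSED_FIELDS = new List<String>{ 'Email', 'Phone', 'Title' };

    public class FlsException extends Exception {}

    // Wrapper of primitives: Visualforce cannot see FLS through it,
    // so this controller enforces FLS while filling it in.
    public class ContactView {
        public Id recordId;
        public Map<String, Object> fields = new Map<String, Object>();
    }

    // Subset of `requested` that the running user may read, decided per field via describe.
    public static List<String> readableFields(Schema.SObjectType objType, List<String> requested) {
        // Keys of the describe field map are lower-case field API names.
        Map<String, Schema.SObjectField> fieldMap = objType.getDescribe().fields.getMap();
        List<String> readable = new List<String>();
        for (String name : requested) {
            Schema.SObjectField token = fieldMap.get(name.toLowerCase());
            if (token != null && token.getDescribe().isAccessible()) {
                readable.add(name);
            }
        }
        return readable;
    }

    // Builds the wrapper with readable fields only; a hidden field is simply absent from the map.
    public static ContactView load(Id contactId) {
        // Object-level check first: FLS checks are meaningless without Read on the object.
        if (!Contact.sObjectType.getDescribe().isAccessible()) {
            throw new FlsException('No read access to Contact');
        }
        List<String> fields = readableFields(Contact.sObjectType, EXPOSED_FIELDS);
        ContactView view = new ContactView();
        view.recordId = contactId;
        if (fields.isEmpty()) {
            return view;
        }
        // Only fields that passed the FLS check are selected, so nothing hidden ever reaches the heap.
        String soql = 'SELECT ' + String.join(fields, ', ') + ' FROM Contact WHERE Id = :contactId';
        List<Contact> rows = Database.query(soql);
        if (rows.isEmpty()) {
            return view;
        }
        for (String name : fields) {
            view.fields.put(name, rows[0].get(name));
        }
        return view;
    }

    // Writes back only fields the user may edit; any field without Edit access rejects the whole save.
    public static void save(ContactView view) {
        if (!Contact.sObjectType.getDescribe().isUpdateable()) {
            throw new FlsException('No update access to Contact');
        }
        Map<String, Schema.SObjectField> fieldMap = Contact.sObjectType.getDescribe().fields.getMap();
        Contact c = new Contact(Id = view.recordId);
        for (String name : view.fields.keySet()) {
            Schema.SObjectField token = fieldMap.get(name.toLowerCase());
            if (token == null || !token.getDescribe().isUpdateable()) {
                throw new FlsException('No update access to Contact.' + name);
            }
            c.put(name, view.fields.get(name));
        }
        update c;
    }
}
```

The with sharing keyword on the class handles record visibility only; it is the explicit describe checks, not the keyword, that make the wrapper safe to render, which is the point of the "Sharing keywords don't enforce CRUD and FLS" rule later in the deck.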
Sharing
What is Sharing?
•  Dictates which records of an object a user can see
•  Controlled outside the profile via org-wide defaults, roles, ownership, and sharing rules
Record-level access
Apex classes do not enforce sharing by default
•  Runs in system context
•  Exceptions: anonymous code blocks, the Developer Console, and standard controllers execute in user context
Visualforce pages depend on their controllers for record access
Sharing for Developers
Enforcing Sharing in Apex
•  Default behavior is without sharing. Use the with sharing keyword to enforce the current user’s sharing rules.
•  If a class is declared as neither with nor without sharing, the sharing mode of the calling class stays in effect; with no enforcing caller (for example, a trigger as the entry point) that means without sharing.
•  The sharing setting of the class where the method is defined is applied, not that of the class from which the method is called.
public with sharing class MyController {
    // Code here enforces the current user’s sharing rules

    // Inner classes do not inherit the outer class’s sharing setting, so declare it explicitly
    public without sharing class MyInnerClass {
        // Code here does not enforce the current user’s sharing rules
    }
}
Sharing Demo
Best Practices and Q&A for Sharing
•  Sharing keywords control record-level access only; they don’t enforce CRUD and FLS.
•  Explicitly declare with sharing or without sharing for all classes in your code.
•  If you must use without sharing, document the reasoning in a comment block.
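The three practices above applied together, as an added example that is not code from the deck: a with sharing service whose one privileged operation is isolated in a without sharing inner class, with the reasoning for the bypass documented in a comment block and a CRUD check kept inside it because the sharing keyword does not cover object permissions. OpportunityService, OrgWideCounter, AccessException and the dashboard-count use case are assumptions for this example.

```apex
// Added example, not part of the original slides.
public with sharing class OpportunityService {
    public class AccessException extends Exception {}

    // Runs with the caller's sharing: the SOQL returns only records the running user can see.
    // CRUD is still checked separately, because `with sharing` never does that.
    public static List<Opportunity> visibleOpenOpportunities() {
        if (!Opportunity.sObjectType.getDescribe().isAccessible()) {
            throw new AccessException('No read access to Opportunity');
        }
        return [SELECT Id, Name, StageName FROM Opportunity WHERE IsClosed = false ORDER BY CloseDate LIMIT 50];
    }

    // Org-wide figure for a dashboard tile; delegates to the scoped helper below.
    // Inner classes cannot hold static members, hence the instance call.
    public static Integer totalOpenOpportunityCount() {
        return new OrgWideCounter().countOpen();
    }

    /*
     * WITHOUT SHARING, on purpose.
     * Why: the dashboard needs a count across all open opportunities, including
     * ones the running user does not own and is not shared into. A count exposes
     * no field values and no record Ids, so bypassing record-level sharing here
     * discloses nothing beyond the number itself.
     * Scope: the class is private to this service and returns only an Integer,
     * so no other caller can reuse it to fetch records.
     * Inner classes do not inherit the outer class's sharing setting, which is
     * why the keyword is written out explicitly rather than relied upon.
     */
    private without sharing class OrgWideCounter {
        public Integer countOpen() {
            // Sharing keywords never cover object permissions: the CRUD check stays.
            if (!Opportunity.sObjectType.getDescribe().isAccessible()) {
                throw new AccessException('No read access to Opportunity');
            }
            return [SELECT COUNT() FROM Opportunity WHERE IsClosed = false];
        }
    }
}
```

Keeping the bypass in its own small class, rather than marking the whole service without sharing, limits the code that runs with elevated record access to a few lines whose output has been reasoned about, which is what makes the documented justification reviewable.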
Summary
Developer practices for respecting the authorization model
CRUD
•  Object-level permission. Should the user have access to this object?
FLS
•  Field-level permission. Should the user have access to this field?
Sharing
•  Record-level permission. Should the user have access to this record?
Additional Resources
Security Implementation Guide
https://developer.salesforce.com/././securityImplGuide/ (full link hidden)
CRUD & FLS Enforcement Guide
https://developer.salesforce.com/page/Enforcing_CRUD_and_FLS
Testing CRUD and FLS Enforcement
https://developer.salesforce.com/page/Testing_CRUD_and_FLS_Enforcement
Using with sharing or without sharing Keywords
https://developer.salesforce.com/./././apex_classes_keywords_sharing (full link hidden)
Salesforce StackExchange
http://salesforce.stackexchange.com/questions/tagged/security
Salesforce Developer Security Forum
https://developer.salesforce.com/forums
Security Office Hours (Partners)
http://security.force.com/security/contact/ohours
Thank you

 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 

Recently uploaded (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 

Secure Salesforce: CRUD / FLS / Sharing

  • 1. Secure Salesforce: CRUD, FLS, and Sharing
    Daphne Kao, Senior Product Security Engineer (@daphnekao)
    Ryan Flood, Associate Product Security Engineer
  • 2. Secure Salesforce at Dreamforce 2015
    • 10 DevZone talks and 2 Lightning Zone talks covering all aspects of security on the Salesforce Platform
    • Visit our booth in the DevZone with any security questions
    • Check out the schedule and details at http://bit.ly/DF15Sec
    • Admin-related security questions? Join us for coffee in the Admin Zone Security Cafe
  • 4. Background
    Principle of Least Privilege
    • Users should have access only to the minimum information and capabilities required to do their jobs, so that excess privilege cannot be abused, whether deliberately or accidentally.
    Contexts
    • User context: enforces the object permissions (CRUD), field-level security, and sharing rules of the current user.
    • System context: ignores the object permissions, field-level security, and sharing rules of the current user.
  • 6. What is CRUD?
    Create, Read, Update, Delete
    • Defines a user's access to each object (object-level permission)
    • Controlled on the profile, and additionally granted through permission sets assigned to the user
  • 7. CRUD for Developers
    • Apex classes do not enforce CRUD: they run in system context
    • Visualforce pages enforce CRUD: they run in user context
  • 8. Enforcing CRUD in Apex
    <sObject>.sObjectType.getDescribe() returns a Schema.DescribeSObjectResult with one method per operation:
    • isCreateable()
    • isAccessible() (read)
    • isUpdateable()
    • isDeletable()

    // Controller getter that returns nothing unless the current user can read Account
    public class MyController {
        public String getMyAccount() {
            if (!Account.sObjectType.getDescribe().isAccessible()) {
                return '';
            }
            // Only reached when the user has object-level read access
            List<Account> accts = [SELECT Name FROM Account LIMIT 1];
            return accts.isEmpty() ? '' : accts[0].Name;
        }
    }
  • 9. Enforcing CRUD in Visualforce
    Visualforce code patterns that respect the Read permission (the expression still refers to a field of an sObject):
    1. <apex:outputField value="{!sObject.Field__c}"/>
    2. <apex:outputText value="{!sObject.Field__c}"/>
    3. {!sObject.Field__c}
    Visualforce code pattern that does not respect Read (the value has already been copied out of the sObject into a String property of the controller, so the page has no object or field to check):
    1. <apex:outputText value="{!Object.String}"/>
  • 11. Best Practices and Q&A for CRUD
    • Always check CRUD permissions before performing the operation, and check the permission that matches the operation: isAccessible() before a query, isCreateable() before insert, isUpdateable() before update, isDeletable() before delete.
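A worked version of the checks from the preceding CRUD slides, added here by the editor and not part of the original deck. The class name AccountCrudService, its method names and the CrudException type are illustrative; the Describe calls are the platform APIs shown on slide 8, and the WITH SECURITY_ENFORCED clause at the end is a platform feature that arrived in 2019, after this talk was given.

```apex
// Added example (not from the deck): a service that checks object-level CRUD
// before every operation it performs on Account. Names are illustrative.
public with sharing class AccountCrudService {

    // Thrown when the running user lacks the object permission for the operation.
    public class CrudException extends Exception {}

    // Describe result for Account; the platform caches describe calls.
    private static final Schema.DescribeSObjectResult ACCOUNT_DESCRIBE =
        Account.sObjectType.getDescribe();

    // Read: refuse to query at all if the user cannot read the object.
    public static List<Account> listAccounts(Integer maxRows) {
        if (!ACCOUNT_DESCRIBE.isAccessible()) {
            throw new CrudException('Insufficient read access on Account');
        }
        return [SELECT Id, Name FROM Account LIMIT :maxRows];
    }

    // Create: isCreateable() is the permission that matches insert.
    public static Account createAccount(String name) {
        if (!ACCOUNT_DESCRIBE.isCreateable()) {
            throw new CrudException('Insufficient create access on Account');
        }
        Account a = new Account(Name = name);
        insert a;
        return a;
    }

    // Update: isUpdateable() is the permission that matches update.
    public static void renameAccount(Id accountId, String newName) {
        if (!ACCOUNT_DESCRIBE.isUpdateable()) {
            throw new CrudException('Insufficient update access on Account');
        }
        update new Account(Id = accountId, Name = newName);
    }

    // Delete: isDeletable() is the permission that matches delete.
    public static void deleteAccount(Id accountId) {
        if (!ACCOUNT_DESCRIBE.isDeletable()) {
            throw new CrudException('Insufficient delete access on Account');
        }
        delete new Account(Id = accountId);
    }

    // The same read check expressed with the SOQL WITH SECURITY_ENFORCED clause,
    // which throws a System.QueryException when the running user lacks read
    // access to any object or field named in the query.
    public static List<Account> listAccountsEnforced(Integer maxRows) {
        return [SELECT Id, Name FROM Account WITH SECURITY_ENFORCED LIMIT :maxRows];
    }
}
```

The class is declared with sharing so that record-level access is enforced as well; the Describe checks cover only the object level, which is the point of slide 24. Since this deck was written the platform has also added user-mode database operations, which enforce CRUD, FLS and sharing together; the explicit Describe checks above remain valid and are what older code bases typically contain.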
  • 12. FLS
  • 13. What is FLS?
    Field-Level Security
    • Defines a user's access to the fields of a given object
    • Controlled on the profile, and additionally granted through permission sets
  • 14. FLS for Developers
    • Apex classes do not enforce FLS: they run in system context
    • Visualforce pages enforce FLS: they run in user context
      • But they do not enforce FLS for dereferenced fields, that is, values already copied out of an sObject into a primitive controller property:
        • {!Contact.Email} = FLS enforced
        • {!contactEmail} = FLS not enforced
  • 15. Enforcing FLS in Apex
    Schema.sObjectType.<sObject>.fields.<field> returns a Schema.DescribeFieldResult with:
    • isAccessible()
    • isUpdateable()
    • isCreateable()

    // Controller getter that returns nothing unless the current user can read Account.Name
    public class MyController {
        public String getMyAccount() {
            if (!Schema.sObjectType.Account.fields.Name.isAccessible()) {
                return '';
            }
            // Only reached when the user has field-level read access to Name
            List<Account> accts = [SELECT Name FROM Account LIMIT 1];
            return accts.isEmpty() ? '' : accts[0].Name;
        }
    }
  • 16. When does the Platform stop respecting FLS?
    When an sObject field is assigned to a primitive
    Apex:
        // Salesforce sObject, queried in the controller
        Random_Sensitive_Object_1__c r = [SELECT Sensitive_Number__c FROM Random_Sensitive_Object_1__c LIMIT 1];
        // Custom wrapper object whose members are primitives
        wRandom_Sensitive_Object_1 wR = new wRandom_Sensitive_Object_1();
        // The value is now a plain number with no field metadata attached
        wR.Sensitive_Number = r.Sensitive_Number__c;
    Visualforce:
        <apex:outputText value="{!r.Sensitive_Number__c}" />   <!-- FLS RESPECTED -->
        <apex:outputText value="{!wR.Sensitive_Number}" />     <!-- FLS IGNORED -->
  • 18. Best Practices and Q&A for FLS
    • Use sObject references whenever possible, so that Visualforce can enforce FLS for you.
    • When you must copy values into primitives or wrapper objects, iterate through your list of fields and check FLS for each field in Apex before the copy.
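A worked version of the FLS practices on slides 15 through 18, added here by the editor and not part of the original deck. ContactFlsService, ContactSummary and FlsException are illustrative names; the Describe calls are the platform APIs from slide 15, and Security.stripInaccessible is a platform API that became generally available in 2020, after this talk. The wrapper pattern is the one slide 16 warns about, with the check that makes it safe.

```apex
// Added example (not from the deck): field-level security checks in Apex,
// including the wrapper-object case where Visualforce can no longer help.
public with sharing class ContactFlsService {

    public class FlsException extends Exception {}

    // Wrapper with primitive members: once values land here, Visualforce no
    // longer knows which field they came from, so FLS is checked in Apex first.
    public class ContactSummary {
        public Id contactId;
        public String email;
        public String phone;
    }

    // Filter a list of candidate field API names down to those the running
    // user may read. Unknown names are dropped rather than trusted, which also
    // stops SOQL injection through a caller-supplied field list.
    public static List<String> readableFields(List<String> candidateFields) {
        // Keys of the field map are lower-case API names.
        Map<String, Schema.SObjectField> fieldMap =
            Schema.SObjectType.Contact.fields.getMap();
        List<String> allowed = new List<String>();
        for (String f : candidateFields) {
            Schema.SObjectField token = fieldMap.get(f.toLowerCase());
            if (token != null && token.getDescribe().isAccessible()) {
                allowed.add(f);
            }
        }
        return allowed;
    }

    // Dynamic SOQL over only the accessible subset of the requested fields.
    public static List<Contact> queryAccessible(List<String> requestedFields, Integer maxRows) {
        if (!Schema.SObjectType.Contact.isAccessible()) {
            throw new FlsException('No read access to Contact');
        }
        // De-duplicate case-insensitively; Id is always selected.
        Set<String> seen = new Set<String>{ 'id' };
        List<String> fields = new List<String>{ 'Id' };
        for (String f : readableFields(requestedFields)) {
            if (seen.add(f.toLowerCase())) {
                fields.add(f);
            }
        }
        String soql = 'SELECT ' + String.join(fields, ', ')
                    + ' FROM Contact LIMIT :maxRows';
        return Database.query(soql);
    }

    // Copy into the wrapper only the fields the user may read; the rest stay null.
    public static List<ContactSummary> summarize(List<Contact> contacts) {
        Boolean emailOk = Schema.SObjectType.Contact.fields.Email.isAccessible();
        Boolean phoneOk = Schema.SObjectType.Contact.fields.Phone.isAccessible();
        List<ContactSummary> out = new List<ContactSummary>();
        for (Contact c : contacts) {
            ContactSummary s = new ContactSummary();
            s.contactId = c.Id;
            s.email = emailOk ? c.Email : null;
            s.phone = phoneOk ? c.Phone : null;
            out.add(s);
        }
        return out;
    }

    // Update path: check isUpdateable() on the object and on each field written.
    public static void updateEmails(Map<Id, String> newEmailById) {
        if (!Schema.SObjectType.Contact.isUpdateable()
            || !Schema.SObjectType.Contact.fields.Email.isUpdateable()) {
            throw new FlsException('No update access to Contact.Email');
        }
        List<Contact> toUpdate = new List<Contact>();
        for (Id cid : newEmailById.keySet()) {
            toUpdate.add(new Contact(Id = cid, Email = newEmailById.get(cid)));
        }
        update toUpdate;
    }

    // Newer alternative: strip the fields the user may not update instead of
    // failing the whole request. Stripped fields are silently left unchanged.
    public static void updateStripped(List<Contact> contacts) {
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.UPDATABLE, contacts);
        update decision.getRecords();
    }
}
```

Note the difference in failure mode: the explicit checks refuse the whole operation, while stripInaccessible quietly drops fields. The second is convenient for list views but can hide a misconfigured profile; decision.getRemovedFields() reports what was stripped if you want to log it.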
  • 20. What is Sharing?
    Record-level access
    • Dictates which records of an object a user can see
    • Controlled outside the profile via organization-wide defaults, the role hierarchy, record ownership, and sharing rules
  • 21. Sharing for Developers
    • Apex classes do not enforce sharing by default: they run in system context
      • Exceptions: anonymous code blocks, the Developer Console, and standard controllers execute in user context
    • Visualforce pages depend on their controllers for record access: a page backed by a custom controller displays whatever records that controller queries
  • 22. Enforcing Sharing in Apex
    • The default behavior is without sharing: a class with no sharing keyword that is invoked directly (for example as a Visualforce controller) runs in system context. Use the with sharing keyword to enforce sharing.
    • If a class isn't declared as either with or without sharing, the sharing mode of the calling class remains in effect. (The inherited sharing keyword, added to the platform after this talk, makes that explicit and runs with sharing when such a class is itself the entry point.)
    • The sharing setting of the class where the method is defined is applied, not that of the class from which the method is called.

    public with sharing class MyController {
        // Code here enforces the current user's sharing rules
        public without sharing class MyInnerClass {
            // Code here does not enforce the current user's sharing rules
        }
    }
  • 24. Best Practices and Q&A for Sharing
    • Sharing keywords don't enforce CRUD and FLS; the Describe checks from the earlier slides are still required.
    • Explicitly declare with sharing or without sharing for every class in your code.
    • If you must use without sharing, document the reasoning in a comment block, and keep the without-sharing code as small and narrowly scoped as the task allows.
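A worked version of the sharing practices on slides 22 and 24, added here by the editor and not part of the original deck: a with-sharing controller that still performs its own CRUD and FLS checks, and a narrowly scoped, documented without-sharing inner class for the one query that legitimately needs to see records the user is not shared on. CaseEscalationService, OrgWideEscalationCounter, EscalationException and the quota rule are illustrative; Case.IsEscalated is a standard field and WITH SECURITY_ENFORCED is a platform feature added after this talk.

```apex
// Added example (not from the deck): explicit sharing declarations with a
// documented, minimal without-sharing helper. Names and the quota are illustrative.
public with sharing class CaseEscalationService {

    public class EscalationException extends Exception {}

    // Illustrative business rule: at most this many open escalations per account.
    private static final Integer MAX_OPEN_ESCALATIONS = 5;

    // Runs under the current user's sharing rules and returns only cases they can see.
    public static List<Case> myOpenCases() {
        // Sharing keywords do not cover CRUD/FLS, so read access on the object
        // and the selected fields is enforced separately by WITH SECURITY_ENFORCED.
        return [SELECT Id, Subject, AccountId FROM Case
                WHERE IsClosed = false WITH SECURITY_ENFORCED LIMIT 200];
    }

    public static void escalate(Id caseId) {
        // Object- and field-level checks first (sharing does not imply these).
        if (!Schema.sObjectType.Case.isUpdateable()
            || !Schema.sObjectType.Case.fields.IsEscalated.isUpdateable()) {
            throw new EscalationException('No update access to Case.IsEscalated');
        }
        // This query runs with sharing: a case the user cannot see is simply not found,
        // so a user cannot escalate a record by guessing its Id.
        List<Case> visible = [SELECT Id, AccountId FROM Case WHERE Id = :caseId];
        if (visible.isEmpty()) {
            throw new EscalationException('Case not found or not shared with you');
        }
        Case c = visible[0];
        // The quota is org-wide per account and must count cases the user may not
        // be shared on, which is the one place system context is needed.
        if (c.AccountId != null) {
            Integer open = new OrgWideEscalationCounter().countOpen(c.AccountId);
            if (open >= MAX_OPEN_ESCALATIONS) {
                throw new EscalationException('Escalation quota reached for this account');
            }
        }
        c.IsEscalated = true;
        update c;
    }

    /*
     * WITHOUT SHARING justification: the escalation quota is enforced per
     * account across the whole org, so the count has to include cases the
     * current user is not shared on. This class exposes only an aggregate
     * count, never record data, and is private to the service above.
     */
    private without sharing class OrgWideEscalationCounter {
        public Integer countOpen(Id accountId) {
            return [SELECT COUNT() FROM Case
                    WHERE AccountId = :accountId
                      AND IsEscalated = true
                      AND IsClosed = false];
        }
    }
}
```

The visibility check in escalate() runs in the with-sharing outer class, which is the slide 22 rule in action: the sharing mode of the class where a method is defined applies, so the inner class's without sharing does not leak into the caller. A reviewer reading this code can audit the single privileged query and its justification without tracing the rest of the service.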
  • 26. Summary
    Developer practices for respecting the authorization model
    CRUD
    • Object-level permission. Should the user have access to this object?
    FLS
    • Field-level permission. Should the user have access to this field?
    Sharing
    • Record-level permission. Should the user have access to this record?
  • 27. Additional Resources
    • Security Implementation Guide: https://developer.salesforce.com/././securityImplGuide/ (full link hidden)
    • CRUD & FLS Enforcement Guide: https://developer.salesforce.com/page/Enforcing_CRUD_and_FLS
    • Testing CRUD and FLS Enforcement: https://developer.salesforce.com/page/Testing_CRUD_and_FLS_Enforcement
    • Using with sharing or without sharing Keywords: https://developer.salesforce.com/./././apex_classes_keywords_sharing (full link hidden)
    • Salesforce StackExchange: http://salesforce.stackexchange.com/questions/tagged/security
    • Salesforce Developer Security Forum: https://developer.salesforce.com/forums
    • Security Office Hours (Partners): http://security.force.com/security/contact/ohours