Dynamic SOQL query relationship with field visibility for UsersAbout salesforce SOQL relationship querySOQL Can't create USERS relationship?Need help writing test Apex Classeschema.getglobaldescribe needs test classNot able to escape quote in visualforce page?SOQL error with relationshipSOQL for Lookup relationshipSOQL query with inner query doesn't recognize understand the relationshipHow to Pass in an Array of Strings in a Method Parameter in a Test ClassNested Dynamic SOQL Query

Why are oscilloscope input impedances so low?

Disabling quote conversion in docstrings

Make me a minimum magic sum

no sense/need/point

Is Iron Man stronger than the Hulk?

Sheared off exhasut pipe: How to fix without a welder?

Is 'contemporary' ambiguous and if so is there a better word?

Where are the "shires" in the UK?

Dihedral group D4 composition with custom labels

What happens if I accidentally leave an app running and click "Install Now" in Software Updater?

In "Avengers: Endgame", what does this name refer to?

Which "exotic salt" can lower water's freezing point by –70 °C?

about academic proof-reading, what to do in this situation?

Speed up this NIntegrate

weird pluperfect subjunctive in Eutropius

As black, how should one respond to 4. Qe2 by white in the Russian Game, Damiano Variation?

Dangerous workplace travelling

All of my Firefox add-ons been disabled suddenly, how can I re-enable them?

How to display number in triangular pattern with plus sign

Page count conversion from single to double-space for submissions

How to deal with employer who keeps me at work after working hours

Endgame puzzle: How to avoid stalemate and win?

Can my 2 children, aged 10 and 12, who are US citizens, travel to the USA on expired American passports?

What is a precise issue with allowing getters?



Dynamic SOQL query relationship with field visibility for Users


About salesforce SOQL relationship querySOQL Can't create USERS relationship?Need help writing test Apex Classeschema.getglobaldescribe needs test classNot able to escape quote in visualforce page?SOQL error with relationshipSOQL for Lookup relationshipSOQL query with inner query doesn't recognize understand the relationshipHow to Pass in an Array of Strings in a Method Parameter in a Test ClassNested Dynamic SOQL Query






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








2















I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?



public with sharing class QuerySelector 

public static List<SObject> dynamicQuerySelector(Set<Id> idSet)

// check if null

List<SObject> sObjectList = new List<SObject>();

if(idSet.size() > 0)

// convert the set to a list
List<Id> idList = new List<Id>(idSet);


Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();
String recObject = String.valueOf(sor.getName());

Set<String> fieldNames = sor.fields.getMap().keySet();

String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';

sObjectList = Database.query(recordQuery);

return sObjectList;

return sObjectList;











share|improve this question




























    2















    I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?



    public with sharing class QuerySelector 

    public static List<SObject> dynamicQuerySelector(Set<Id> idSet)

    // check if null

    List<SObject> sObjectList = new List<SObject>();

    if(idSet.size() > 0)

    // convert the set to a list
    List<Id> idList = new List<Id>(idSet);


    Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();
    String recObject = String.valueOf(sor.getName());

    Set<String> fieldNames = sor.fields.getMap().keySet();

    String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';

    sObjectList = Database.query(recordQuery);

    return sObjectList;

    return sObjectList;











    share|improve this question
























      2












      2








      2








      I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?



      public with sharing class QuerySelector 

      public static List<SObject> dynamicQuerySelector(Set<Id> idSet)

      // check if null

      List<SObject> sObjectList = new List<SObject>();

      if(idSet.size() > 0)

      // convert the set to a list
      List<Id> idList = new List<Id>(idSet);


      Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();
      String recObject = String.valueOf(sor.getName());

      Set<String> fieldNames = sor.fields.getMap().keySet();

      String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';

      sObjectList = Database.query(recordQuery);

      return sObjectList;

      return sObjectList;











      share|improve this question














      I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?



      public with sharing class QuerySelector 

      public static List<SObject> dynamicQuerySelector(Set<Id> idSet)

      // check if null

      List<SObject> sObjectList = new List<SObject>();

      if(idSet.size() > 0)

      // convert the set to a list
      List<Id> idList = new List<Id>(idSet);


      Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();
      String recObject = String.valueOf(sor.getName());

      Set<String> fieldNames = sor.fields.getMap().keySet();

      String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';

      sObjectList = Database.query(recordQuery);

      return sObjectList;

      return sObjectList;








      apex soql






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Apr 26 at 19:22









      Matthew MetrosMatthew Metros

      915




      915




















          1 Answer
          1






          active

          oldest

          votes


















          6














          By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).



          There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.






          share|improve this answer























            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "459"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f260261%2fdynamic-soql-query-relationship-with-field-visibility-for-users%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            6














            By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).



            There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.






            share|improve this answer



























              6














              By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).



              There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.






              share|improve this answer

























                6












                6








                6







                By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).



                There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.






                share|improve this answer













                By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).



                There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Apr 26 at 19:29









                sfdcfoxsfdcfox

                268k13214463




                268k13214463



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Salesforce Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f260261%2fdynamic-soql-query-relationship-with-field-visibility-for-users%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Wikipedia:Vital articles Мазмуну Biography - Өмүр баян Philosophy and psychology - Философия жана психология Religion - Дин Social sciences - Коомдук илимдер Language and literature - Тил жана адабият Science - Илим Technology - Технология Arts and recreation - Искусство жана эс алуу History and geography - Тарых жана география Навигация менюсу

                    Club Baloncesto Breogán Índice Historia | Pavillón | Nome | O Breogán na cultura popular | Xogadores | Adestradores | Presidentes | Palmarés | Historial | Líderes | Notas | Véxase tamén | Menú de navegacióncbbreogan.galCadroGuía oficial da ACB 2009-10, páxina 201Guía oficial ACB 1992, páxina 183. Editorial DB.É de 6.500 espectadores sentados axeitándose á última normativa"Estudiantes Junior, entre as mellores canteiras"o orixinalHemeroteca El Mundo Deportivo, 16 setembro de 1970, páxina 12Historia do BreogánAlfredo Pérez, o último canoneiroHistoria C.B. BreogánHemeroteca de El Mundo DeportivoJimmy Wright, norteamericano do Breogán deixará Lugo por ameazas de morteResultados de Breogán en 1986-87Resultados de Breogán en 1990-91Ficha de Velimir Perasović en acb.comResultados de Breogán en 1994-95Breogán arrasa al Barça. "El Mundo Deportivo", 27 de setembro de 1999, páxina 58CB Breogán - FC BarcelonaA FEB invita a participar nunha nova Liga EuropeaCharlie Bell na prensa estatalMáximos anotadores 2005Tempada 2005-06 : Tódolos Xogadores da Xornada""Non quero pensar nunha man negra, mais pregúntome que está a pasar""o orixinalRaúl López, orgulloso dos xogadores, presume da boa saúde económica do BreogánJulio González confirma que cesa como presidente del BreogánHomenaxe a Lisardo GómezA tempada do rexurdimento celesteEntrevista a Lisardo GómezEl COB dinamita el Pazo para forzar el quinto (69-73)Cafés Candelas, patrocinador del CB Breogán"Suso Lázare, novo presidente do Breogán"o orixinalCafés Candelas Breogán firma el mayor triunfo de la historiaEl Breogán realizará 17 homenajes por su cincuenta aniversario"O Breogán honra ao seu fundador e primeiro presidente"o orixinalMiguel Giao recibiu a homenaxe do PazoHomenaxe aos primeiros gladiadores celestesO home que nos amosa como ver o Breo co corazónTita Franco será homenaxeada polos #50anosdeBreoJulio Vila recibirá unha homenaxe in memoriam polos #50anosdeBreo"O Breogán homenaxeará aos seus aboados máis veteráns"Pechada ovación a «Capi» Sanmartín e Ricardo «Corazón de González»Homenaxe por décadas de informaciónPaco García volve ao Pazo con motivo do 50 aniversario"Resultados y clasificaciones""O Cafés Candelas Breogán, campión da Copa Princesa""O Cafés Candelas Breogán, equipo ACB"C.B. Breogán"Proxecto social"o orixinal"Centros asociados"o orixinalFicha en imdb.comMario Camus trata la recuperación del amor en 'La vieja música', su última película"Páxina web oficial""Club Baloncesto Breogán""C. B. Breogán S.A.D."eehttp://www.fegaba.com

                    What should I write in an apology letter, since I have decided not to join a company after accepting an offer letterShould I keep looking after accepting a job offer?What should I do when I've been verbally told I would get an offer letter, but still haven't gotten one after 4 weeks?Do I accept an offer from a company that I am not likely to join?New job hasn't confirmed starting date and I want to give current employer as much notice as possibleHow should I address my manager in my resignation letter?HR delayed background verification, now jobless as resignedNo email communication after accepting a formal written offer. How should I phrase the call?What should I do if after receiving a verbal offer letter I am informed that my written job offer is put on hold due to some internal issues?Should I inform the current employer that I am about to resign within 1-2 weeks since I have signed the offer letter and waiting for visa?What company will do, if I send their offer letter to another company