Dynamic SOQL query relationship with field visibility for UsersAbout salesforce SOQL relationship querySOQL Can't create USERS relationship?Need help writing test Apex Classeschema.getglobaldescribe needs test classNot able to escape quote in visualforce page?SOQL error with relationshipSOQL for Lookup relationshipSOQL query with inner query doesn't recognize understand the relationshipHow to Pass in an Array of Strings in a Method Parameter in a Test ClassNested Dynamic SOQL Query
Why are oscilloscope input impedances so low?
Disabling quote conversion in docstrings
Make me a minimum magic sum
no sense/need/point
Is Iron Man stronger than the Hulk?
Sheared off exhasut pipe: How to fix without a welder?
Is 'contemporary' ambiguous and if so is there a better word?
Where are the "shires" in the UK?
Dihedral group D4 composition with custom labels
What happens if I accidentally leave an app running and click "Install Now" in Software Updater?
In "Avengers: Endgame", what does this name refer to?
Which "exotic salt" can lower water's freezing point by –70 °C?
about academic proof-reading, what to do in this situation?
Speed up this NIntegrate
weird pluperfect subjunctive in Eutropius
As black, how should one respond to 4. Qe2 by white in the Russian Game, Damiano Variation?
Dangerous workplace travelling
All of my Firefox add-ons been disabled suddenly, how can I re-enable them?
How to display number in triangular pattern with plus sign
Page count conversion from single to double-space for submissions
How to deal with employer who keeps me at work after working hours
Endgame puzzle: How to avoid stalemate and win?
Can my 2 children, aged 10 and 12, who are US citizens, travel to the USA on expired American passports?
What is a precise issue with allowing getters?
Dynamic SOQL query relationship with field visibility for Users
About salesforce SOQL relationship querySOQL Can't create USERS relationship?Need help writing test Apex Classeschema.getglobaldescribe needs test classNot able to escape quote in visualforce page?SOQL error with relationshipSOQL for Lookup relationshipSOQL query with inner query doesn't recognize understand the relationshipHow to Pass in an Array of Strings in a Method Parameter in a Test ClassNested Dynamic SOQL Query
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?
public with sharing class QuerySelector
public static List<SObject> dynamicQuerySelector(Set<Id> idSet)
// check if null
List<SObject> sObjectList = new List<SObject>();
if(idSet.size() > 0)
// convert the set to a list
List<Id> idList = new List<Id>(idSet);
Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();
String recObject = String.valueOf(sor.getName());
Set<String> fieldNames = sor.fields.getMap().keySet();
String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';
sObjectList = Database.query(recordQuery);
return sObjectList;
return sObjectList;
apex soql
asked Apr 26 at 19:22
Matthew MetrosMatthew Metros
915
add a comment |
I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?
public with sharing class QuerySelector
public static List<SObject> dynamicQuerySelector(Set<Id> idSet)
// check if null
List<SObject> sObjectList = new List<SObject>();
if(idSet.size() > 0)
// convert the set to a list
List<Id> idList = new List<Id>(idSet);
Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();
String recObject = String.valueOf(sor.getName());
Set<String> fieldNames = sor.fields.getMap().keySet();
String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';
sObjectList = Database.query(recordQuery);
return sObjectList;
return sObjectList;
apex soql
asked Apr 26 at 19:22
Matthew MetrosMatthew Metros
915
add a comment |
I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?
public with sharing class QuerySelector
public static List<SObject> dynamicQuerySelector(Set<Id> idSet)
// check if null
List<SObject> sObjectList = new List<SObject>();
if(idSet.size() > 0)
// convert the set to a list
List<Id> idList = new List<Id>(idSet);
Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();
String recObject = String.valueOf(sor.getName());
Set<String> fieldNames = sor.fields.getMap().keySet();
String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';
sObjectList = Database.query(recordQuery);
return sObjectList;
return sObjectList;
apex soql
asked Apr 26 at 19:22
Matthew MetrosMatthew Metros
915
I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?
public with sharing class QuerySelector
public static List<SObject> dynamicQuerySelector(Set<Id> idSet)
// check if null
List<SObject> sObjectList = new List<SObject>();
if(idSet.size() > 0)
// convert the set to a list
List<Id> idList = new List<Id>(idSet);
Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();
String recObject = String.valueOf(sor.getName());
Set<String> fieldNames = sor.fields.getMap().keySet();
String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';
sObjectList = Database.query(recordQuery);
return sObjectList;
return sObjectList;
apex soql
apex soql
asked Apr 26 at 19:22
Matthew MetrosMatthew Metros
915
asked Apr 26 at 19:22
Matthew MetrosMatthew Metros
915
asked Apr 26 at 19:22
Matthew MetrosMatthew Metros
915
asked Apr 26 at 19:22
Matthew MetrosMatthew Metros
915
asked Apr 26 at 19:22
Matthew MetrosMatthew Metros
915
915
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).
There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.
answered Apr 26 at 19:29
sfdcfoxsfdcfox
268k13214463
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "459"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f260261%2fdynamic-soql-query-relationship-with-field-visibility-for-users%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).
There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.
answered Apr 26 at 19:29
sfdcfoxsfdcfox
268k13214463
add a comment |
By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).
There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.
answered Apr 26 at 19:29
sfdcfoxsfdcfox
268k13214463
add a comment |
By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).
There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.
answered Apr 26 at 19:29
sfdcfoxsfdcfox
268k13214463
By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).
There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.
answered Apr 26 at 19:29
sfdcfoxsfdcfox
268k13214463
answered Apr 26 at 19:29
sfdcfoxsfdcfox
268k13214463
answered Apr 26 at 19:29
sfdcfoxsfdcfox
268k13214463
answered Apr 26 at 19:29
sfdcfoxsfdcfox
268k13214463
268k13214463
add a comment |
add a comment |
Thanks for contributing an answer to Salesforce Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f260261%2fdynamic-soql-query-relationship-with-field-visibility-for-users%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
