With sharing or without sharing... is that the question? Join us as we help you better understand how to leverage the best Salesforce security features in code. Learn all the best practices for hardening your application and keeping your data secure. We will cover sharing, FLS, CRUD, and all the most common mistakes and misconceptions about how these features work in Apex and Visualforce.
Secure Salesforce: CRUD / FLS / Sharing
1. Secure Salesforce:
CRUD, FLS, and Sharing
Daphne Kao
Senior Product Security Engineer
@daphnekao
Ryan Flood
Associate Product Security Engineer
2. Secure Salesforce at Dreamforce 2015
10 DevZone Talks and 2 Lightning Zone Talks covering all aspects of Security on the Salesforce Platform
Visit our booth in the DevZone with any security questions
Check out the schedule and details at http://bit.ly/DF15Sec
Admin-related security questions?
Join us for coffee in the Admin Zone Security Cafe
3. Safe harbor statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties
materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed
or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-
looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any
statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new,
planned, or upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new
functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our
operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any
litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our
relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our
service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger
enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our
annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter.
These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section
of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available
and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features
that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
Safe Harbor
4. Principle of Least Privilege
• Users should only have access to the minimum amount of information required to accomplish their duties, ensuring their ability to take advantage of excess privilege purposefully or accidentally is minimized.
Contexts
• User context: Enforces user permissions, field-level security, and sharing rules of the current user.
• System context: Ignores user permissions, field-level security, and sharing rules of the current user.
Background
13. What is FLS?
• Defines user’s access to fields on a given object
• Controlled on the profile
Field-Level Security
14. Apex classes do not enforce FLS
• Runs in system context
Visualforce pages enforce FLS
• Runs in user context
• Does not enforce FLS for dereferenced fields
• {!Contact.Email} = yes
• {!contactEmail} = no
FLS for Developers
15. Enforcing FLS in Apex
Schema.sObjectType.<sObject>.fields.<field>
• isAccessible()
• isUpdateable()
Public Class MyController {
    Public String getmyAccount() {
        // Return an empty value when the current user has no read access to Account.Name
        if (!Schema.sObjectType.Account.fields.Name.isAccessible()) {
            return '';
        }
        // ...
    }
}
16. Apex:
Random_Sensitive_Object_1__c r; // Salesforce sObject
wRandom_Sensitive_Object_1 wR; // Custom wrapper object
wR.Sensitive_Number = r.Sensitive_Number__c;
Visualforce:
<apex:OutputText value="{!r.Sensitive_Number__c}" /> <!-- FLS RESPECTED -->
<apex:OutputText value="{!wR.Sensitive_Number}" /> <!-- FLS IGNORED -->
When sObject is assigned a primitive
When does the Platform stop respecting FLS?
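The wrapper case above, reworked as an added example (not code from the original slides) so that the FLS decision is made in Apex before the value leaves the sObject. It reuses the slide's object and wrapper names; the controller name, the canView flag, and the assumption that Sensitive_Number__c is a Number field are hypothetical.

```apex
// Added example: controller and canView flag are hypothetical names.
public with sharing class SensitiveObjectController {

    // Custom wrapper. Visualforce does not apply FLS to these properties,
    // so the controller must decide what is allowed to be copied in.
    public class wRandom_Sensitive_Object_1 {
        public Decimal Sensitive_Number { get; private set; }
        public Boolean canView { get; private set; }

        public wRandom_Sensitive_Object_1(Decimal value, Boolean canView) {
            this.canView = canView;
            // Never hold the value when the user's profile hides the field.
            this.Sensitive_Number = canView ? value : null;
        }
    }

    public List<wRandom_Sensitive_Object_1> getRows() {
        List<wRandom_Sensitive_Object_1> rows = new List<wRandom_Sensitive_Object_1>();

        // CRUD: can the user read this object at all?
        if (!Schema.sObjectType.Random_Sensitive_Object_1__c.isAccessible()) {
            return rows;
        }

        // FLS: can the user read this particular field?
        Boolean canView = Schema.sObjectType.Random_Sensitive_Object_1__c
            .fields.Sensitive_Number__c.isAccessible();

        // Only select the sensitive field when FLS permits it.
        List<Random_Sensitive_Object_1__c> records = canView
            ? [SELECT Id, Sensitive_Number__c FROM Random_Sensitive_Object_1__c LIMIT 100]
            : [SELECT Id FROM Random_Sensitive_Object_1__c LIMIT 100];

        for (Random_Sensitive_Object_1__c r : records) {
            // Guarded access: the field is not read when it was not queried.
            Decimal value = canView ? r.Sensitive_Number__c : null;
            rows.add(new wRandom_Sensitive_Object_1(value, canView));
        }
        return rows;
    }
}
```

A page can then bind {!row.Sensitive_Number} safely, because the wrapper only ever contains a value the current user's FLS allows.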
20. What is Sharing?
• Dictates which records of an object a user can see
• Controlled outside the profile via org-defaults, roles, ownership, and sharing rules
Record-level access
21. Apex classes do not enforce sharing by default
• Runs in system context
• Exceptions: Anonymous code blocks, developer console, and standard controllers execute in user context
Visualforce pages depend on controllers for record access
Sharing for Developers
22. Enforcing Sharing in Apex
• Default behavior is without sharing. Use with sharing keyword to enforce sharing.
• If a class isn’t declared as either with or without sharing, the current sharing rules remain in effect.
• The sharing setting of the class where the method is defined is applied, not of the class where the method is called.
Public with sharing Class MyController {
    // Code enforces current user’s sharing rules
    Public without sharing Class MyInnerClass {
        // Code doesn’t enforce current user’s sharing rules
    }
}
24. Best Practices and Q&A for Sharing
• Sharing keywords don’t enforce CRUD and FLS.
• Explicitly declare with sharing or without sharing for all classes in your code.
• If you must use without sharing, document the reasoning in a comment block.
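An added example (not from the original slides) that puts these practices together: an explicitly declared with sharing controller that also checks CRUD and FLS, and a documented without sharing inner class whose method keeps its own sharing setting even when called from the with sharing outer class. The class names and the Case use case are hypothetical.

```apex
// Added example: CaseListController and OpenCaseCounter are hypothetical names.
public with sharing class CaseListController {

    // Sharing is enforced by the class keyword, but CRUD and FLS are not,
    // so they are checked explicitly before querying.
    public List<Case> getVisibleCases() {
        if (!Schema.sObjectType.Case.isAccessible()
                || !Schema.sObjectType.Case.fields.Subject.isAccessible()) {
            return new List<Case>();
        }
        // Returns only records the current user's sharing rules expose.
        return [SELECT Id, Subject FROM Case LIMIT 50];
    }

    // The called method is defined in a without sharing class, so it runs
    // without sharing even though this caller is with sharing.
    public Integer getOrgWideOpenCaseCount() {
        return new OpenCaseCounter().countOpen();
    }

    /*
     * WITHOUT SHARING, reasoning:
     * The dashboard shows a single org-wide total of open cases. Counting
     * requires seeing rows the user does not own. Only the aggregate count
     * is returned; no record Ids or field values leave this class.
     */
    public without sharing class OpenCaseCounter {
        public Integer countOpen() {
            return [SELECT COUNT() FROM Case WHERE IsClosed = false];
        }
    }
}
```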
26. CRUD
• Object-level permission. Should the user have access to this object?
FLS
• Field-level permission. Should the user have access to this field?
Sharing
• Record-level permission. Should the user have access to this record?
Developer practices for respecting authorization model
Summary
27. Additional Resources
Security Implementation Guide
https://developer.salesforce.com/././securityImplGuide/ (full link hidden)
CRUD & FLS Enforcement Guide
https://developer.salesforce.com/page/Enforcing_CRUD_and_FLS
Testing CRUD and FLS Enforcement
https://developer.salesforce.com/page/Testing_CRUD_and_FLS_Enforcement
Using with sharing or without sharing Keywords
https://developer.salesforce.com/./././apex_classes_keywords_sharing (full link hidden)
Salesforce StackExchange
http://salesforce.stackexchange.com/questions/tagged/security
Salesforce Developer Security Forum
https://developer.salesforce.com/forums
Security Office Hours (Partners)
http://security.force.com/security/contact/ohours