SlideShare a Scribd company logo

Secure Salesforce: CRUD / FLS / Sharing

Salesforce Developers
Salesforce Developers

With sharing or without sharing... is that the question? Join us as we help you better understand how to leverage the best Salesforce security features in code. Learn all the best practices for hardening your application and keeping your data secure. We will cover sharing, FLS, CRUD, and all the most common mistakes and misconceptions about how these features work in Apex and Visualforce.

Technology
1 of 28
Download to read offline
Secure Salesforce: CRUD, FLS, and Sharing Daphne Kao Senior Product Security Engineer @daphnekao Ryan Flood Associate Product Security Engineer
Secure Salesforce at Dreamforce 2015 ​  10 DevZone Talks and 2 Lighting Zone Talks covering all aspects of Security on the Salesforce Platform ​  Visit our booth in the DevZone with any security questions ​  Check out the schedule and details at http://bit.ly/DF15Sec ​  Admin-related security questions? ​  Join us for coffee in the Admin Zone Security Cafe
​ Safe harbor statement under the Private Securities Litigation Reform Act of 1995: ​ This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward- looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. ​ The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. ​ Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements. Safe Harbor
Principle of Least Privilege •  Users should only have access to the minimum amount of information required to accomplish their duties, ensuring their ability to take advantage of excess privilege purposefully or accidentally is minimized. Contexts •  User context: Enforces user permissions, field-level security, and sharing rules of the current user. •  System context: Ignores user permissions, field-level security, and sharing rules of the current user. Background
CRUD
What is CRUD? •  Defines user’s access for each object •  Controlled on the profile ​ Create, Read, Update, Delete
​ Apex classes do not enforce CRUD •  Runs in system context ​ Visualforce pages enforce CRUD •  Runs in user context CRUD for Developers
Enforcing CRUD in Apex <sObject>.sObjectType.getDescribe() •  isCreateable() •  isAccessible() •  isUpdateable() •  isDeletable() 1 Public Class MyController { 2  Public String getmyAccount { 3  if (!Account.sObjectType.getDescribe().isAccessible()) { 4  return ''; 5  } 6 }
Enforcing CRUD in Visualforce Visualforce code patterns respect read in CRUD: 1.  <apex:outputField value="{!sObject.Field__c}"/> 2.  <apex:outputText value="{!sObject.Field__c}"/> 3.  {!sObject.Field__c} Visualforce code pattern does not respect read: 1.  <apex:outputText value="{!Object.String}"/>
CRUD Demo
Best Practices and Q&A for CRUD •  Always check CRUD permissions before performing the operation.
FLS
What is FLS? •  Defines user’s access to fields on a given object •  Controlled on the profile ​ Field-Level Security
​ Apex classes do not enforce FLS •  Runs in system context ​ Visualforce pages enforce FLS •  Runs in user context •  Does not enforce FLS for dereferenced fields •  {!Contact.Email} = yes •  {!contactEmail} = no FLS for Developers
Enforcing FLS in Apex Schema.sObjectType.<sObject>.fields.<field> •  isAccessible() •  isUpdateable() 1 Public Class MyController { 2  Public String getmyAccount { 3  if (!Schema.sObjectType.Account.fields.Name.isAccessible()) { 4  return ''; 5  } 6 ... 7 }
​ Apex: Random_Sensitive_Object_1__c r; // Salesforce sObject wRandom_Sensitive_Object_1 wR; // Custom wrapper object wR.Sensitive_Number = r.Sensitive_Number__c; ​ Visualforce: <apex:OutputText value="{!r.Sensitive_Number__c}" /> <!-- FLS RESPECTED --> <apex:OutputText value="{!wR.Sensitive_Number}" /> <!-- FLS IGNORED --> When sObject is assigned a primitive When does the Platform stop respecting FLS?
FLS Demo
Best Practices and Q&A for FLS •  Use sObject references whenever possible. •  Iterate through your list of fields and check FLS for each field.
Sharing
What is Sharing? •  Dictates which records of an object a user can see •  Controlled outside the profile via org-defaults, roles, ownership, and sharing rules ​ Record-level access
​ Apex classes do not enforce sharing by default •  Runs in system context •  Exceptions: Anonymous code blocks, developer console, and standard controllers execute in user context ​ Visualforce pages depend on controllers for record access Sharing for Developers
Enforcing Sharing in Apex •  Default behavior is without sharing. Use with sharing keyword to enforce sharing. •  If a class isn’t declared as either with or without sharing, the current sharing rules remain in effect. •  The sharing setting of the class where the method is defined is applied, not of the class where the method is called. 1 Public with sharing Class MyController { 2 // Code enforces current user’s sharing rules 3 Public without sharing Class MyInnerClass { 4 // Code doesn’t enforce current user’s sharing rules 5 } 6 }
Sharing Demo
Best Practices and Q&A for Sharing •  Sharing keywords don’t enforce CRUD and FLS. •  Explicitly declare with sharing or without sharing for all classes in your code. •  If you must use without sharing, document the reasoning in a comment block.
Summary
CRUD •  Object-level permission. Should the user have access to this object? ​ FLS •  Field-level permission. Should the user have access to this field? ​ Sharing •  Record-level permission. Should the user have access to this record? Developer practices for respecting authorization model Summary
Additional Resources Security Implementation Guide https://developer.salesforce.com/././securityImplGuide/ (full link hidden) CRUD & FLS Enforcement Guide https://developer.salesforce.com/page/Enforcing_CRUD_and_FLS Testing CRUD and FLS Enforcement https://developer.salesforce.com/page/Testing_CRUD_and_FLS_Enforcement Using with sharing or without sharing Keywords https://developer.salesforce.com/./././apex_classes_keywords_sharing (full link hidden) Salesforce StackExchange http://salesforce.stackexchange.com/questions/tagged/security Salesforce Developer Security Forum https://developer.salesforce.com/forums Security Office Hours (Partners) http://security.force.com/security/contact/ohours
Thank you

Recommended

Optimizing cloud firestore reads
Optimizing cloud firestore readsOptimizing cloud firestore reads
Optimizing cloud firestore readsRyan Sneyd
 
How to Extend Apache Spark with Customized Optimizations
How to Extend Apache Spark with Customized OptimizationsHow to Extend Apache Spark with Customized Optimizations
How to Extend Apache Spark with Customized OptimizationsDatabricks
 
S3 Versioning.pptx
S3 Versioning.pptxS3 Versioning.pptx
S3 Versioning.pptxAdityaDadheech6
 
Fraud Detection with Amazon Machine Learning on AWS
Fraud Detection with Amazon Machine Learning on AWSFraud Detection with Amazon Machine Learning on AWS
Fraud Detection with Amazon Machine Learning on AWSAmazon Web Services
 
M365 Structure & Document Managment Architecture Design Overview - Innovate ...
M365 Structure & Document Managment Architecture Design Overview - Innovate ...M365 Structure & Document Managment Architecture Design Overview - Innovate ...
M365 Structure & Document Managment Architecture Design Overview - Innovate ...Innovate Vancouver
 
喬叔 Elasticsearch Index 管理技巧與效能優化
喬叔 Elasticsearch Index 管理技巧與效能優化喬叔 Elasticsearch Index 管理技巧與效能優化
喬叔 Elasticsearch Index 管理技巧與效能優化Joe Wu
 
Apache Carbondata: An Indexed Columnar File Format for Interactive Query with...
Apache Carbondata: An Indexed Columnar File Format for Interactive Query with...Apache Carbondata: An Indexed Columnar File Format for Interactive Query with...
Apache Carbondata: An Indexed Columnar File Format for Interactive Query with...Spark Summit
 
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018Amazon Web Services
 

Recommended

Optimizing cloud firestore reads
Optimizing cloud firestore readsOptimizing cloud firestore reads
Optimizing cloud firestore readsRyan Sneyd
 
How to Extend Apache Spark with Customized Optimizations
How to Extend Apache Spark with Customized OptimizationsHow to Extend Apache Spark with Customized Optimizations
How to Extend Apache Spark with Customized OptimizationsDatabricks
 
S3 Versioning.pptx
S3 Versioning.pptxS3 Versioning.pptx
S3 Versioning.pptxAdityaDadheech6
 
Fraud Detection with Amazon Machine Learning on AWS
Fraud Detection with Amazon Machine Learning on AWSFraud Detection with Amazon Machine Learning on AWS
Fraud Detection with Amazon Machine Learning on AWSAmazon Web Services
 
M365 Structure & Document Managment Architecture Design Overview - Innovate ...
M365 Structure & Document Managment Architecture Design Overview - Innovate ...M365 Structure & Document Managment Architecture Design Overview - Innovate ...
M365 Structure & Document Managment Architecture Design Overview - Innovate ...Innovate Vancouver
 
喬叔 Elasticsearch Index 管理技巧與效能優化
喬叔 Elasticsearch Index 管理技巧與效能優化喬叔 Elasticsearch Index 管理技巧與效能優化
喬叔 Elasticsearch Index 管理技巧與效能優化Joe Wu
 
Apache Carbondata: An Indexed Columnar File Format for Interactive Query with...
Apache Carbondata: An Indexed Columnar File Format for Interactive Query with...Apache Carbondata: An Indexed Columnar File Format for Interactive Query with...
Apache Carbondata: An Indexed Columnar File Format for Interactive Query with...Spark Summit
 
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018
Best Practices for Securing an Amazon VPC (NET318) - AWS re:Invent 2018Amazon Web Services
 
Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...
Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...
Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...Joanne Klein
 
An introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolboxAn introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolboxElasticsearch
 
Labelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityLabelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityDrew Madelung
 
Big Data Security in Apache Projects by Gidon Gershinsky
Big Data Security in Apache Projects by Gidon GershinskyBig Data Security in Apache Projects by Gidon Gershinsky
Big Data Security in Apache Projects by Gidon GershinskyGidonGershinsky
 
AWS re:Invent 2016: Workshop: AWS S3 Deep-Dive Hands-On Workshop: Deploying a...
AWS re:Invent 2016: Workshop: AWS S3 Deep-Dive Hands-On Workshop: Deploying a...AWS re:Invent 2016: Workshop: AWS S3 Deep-Dive Hands-On Workshop: Deploying a...
AWS re:Invent 2016: Workshop: AWS S3 Deep-Dive Hands-On Workshop: Deploying a...Amazon Web Services
 
IRMS UG Principles of Retention in Microsoft 365
IRMS UG Principles of Retention in Microsoft 365IRMS UG Principles of Retention in Microsoft 365
IRMS UG Principles of Retention in Microsoft 365Joanne Klein
 
Insight Asset Management in Jira and eazyBI Powered Insight Reporting
Insight Asset Management in Jira and eazyBI Powered Insight ReportingInsight Asset Management in Jira and eazyBI Powered Insight Reporting
Insight Asset Management in Jira and eazyBI Powered Insight ReportingeazyBI
 
Introduction to Microsoft Syntex
Introduction to Microsoft SyntexIntroduction to Microsoft Syntex
Introduction to Microsoft SyntexDrew Madelung
 
Social Media Intelligence using Elasticsearch & Kibana
Social Media Intelligence using Elasticsearch & KibanaSocial Media Intelligence using Elasticsearch & Kibana
Social Media Intelligence using Elasticsearch & KibanaTiziano Fagni
 
ぼくがAthenaで死ぬまで
ぼくがAthenaで死ぬまでぼくがAthenaで死ぬまで
ぼくがAthenaで死ぬまでShinichi Takahashi
 
Monitor Cloud Resources using Alerts & Insights
Monitor Cloud Resources using Alerts & InsightsMonitor Cloud Resources using Alerts & Insights
Monitor Cloud Resources using Alerts & InsightsSynergetics Learning and Cloud Consulting
 
Enabling Sharing & Collaboration in OneDrive & SharePoint
Enabling Sharing & Collaboration in OneDrive & SharePointEnabling Sharing & Collaboration in OneDrive & SharePoint
Enabling Sharing & Collaboration in OneDrive & SharePointDrew Madelung
 
OneDrive & SharePoint Better Together
OneDrive & SharePoint Better TogetherOneDrive & SharePoint Better Together
OneDrive & SharePoint Better TogetherDrew Madelung
 
Building an Effective Data Warehouse Architecture
Building an Effective Data Warehouse ArchitectureBuilding an Effective Data Warehouse Architecture
Building an Effective Data Warehouse ArchitectureJames Serra
 
A tour of Amazon Redshift
A tour of Amazon RedshiftA tour of Amazon Redshift
A tour of Amazon RedshiftKel Graham
 
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS
Deploy a DoD Secure Cloud Computing Architecture Environment in AWSDeploy a DoD Secure Cloud Computing Architecture Environment in AWS
Deploy a DoD Secure Cloud Computing Architecture Environment in AWSAmazon Web Services
 
Active Directory をInternetから使用するための4つのシナリオ
Active Directory をInternetから使用するための4つのシナリオActive Directory をInternetから使用するための4つのシナリオ
Active Directory をInternetから使用するための4つのシナリオjunichi anno
 
AWS Monitoring & Logging
AWS Monitoring & LoggingAWS Monitoring & Logging
AWS Monitoring & LoggingJason Poley
 
Network Security and Access Control in AWS
Network Security and Access Control in AWSNetwork Security and Access Control in AWS
Network Security and Access Control in AWSAmazon Web Services
 
AWS S3 | Tutorial For Beginners | AWS S3 Bucket Tutorial | AWS Tutorial For B...
AWS S3 | Tutorial For Beginners | AWS S3 Bucket Tutorial | AWS Tutorial For B...AWS S3 | Tutorial For Beginners | AWS S3 Bucket Tutorial | AWS Tutorial For B...
AWS S3 | Tutorial For Beginners | AWS S3 Bucket Tutorial | AWS Tutorial For B...Simplilearn
 
Secure Development on the Salesforce Platform - Part I
Secure Development on the Salesforce Platform - Part ISecure Development on the Salesforce Platform - Part I
Secure Development on the Salesforce Platform - Part ISalesforce Developers
 
Secure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and SharingSecure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and SharingSalesforce Developers
 

More Related Content

What's hot

Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...
Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...
Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...Joanne Klein
 
An introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolboxAn introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolboxElasticsearch
 
Labelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityLabelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityDrew Madelung
 
Big Data Security in Apache Projects by Gidon Gershinsky
Big Data Security in Apache Projects by Gidon GershinskyBig Data Security in Apache Projects by Gidon Gershinsky
Big Data Security in Apache Projects by Gidon GershinskyGidonGershinsky
 
AWS re:Invent 2016: Workshop: AWS S3 Deep-Dive Hands-On Workshop: Deploying a...
AWS re:Invent 2016: Workshop: AWS S3 Deep-Dive Hands-On Workshop: Deploying a...AWS re:Invent 2016: Workshop: AWS S3 Deep-Dive Hands-On Workshop: Deploying a...
AWS re:Invent 2016: Workshop: AWS S3 Deep-Dive Hands-On Workshop: Deploying a...Amazon Web Services
 
IRMS UG Principles of Retention in Microsoft 365
IRMS UG Principles of Retention in Microsoft 365IRMS UG Principles of Retention in Microsoft 365
IRMS UG Principles of Retention in Microsoft 365Joanne Klein
 
Insight Asset Management in Jira and eazyBI Powered Insight Reporting
Insight Asset Management in Jira and eazyBI Powered Insight ReportingInsight Asset Management in Jira and eazyBI Powered Insight Reporting
Insight Asset Management in Jira and eazyBI Powered Insight ReportingeazyBI
 
Introduction to Microsoft Syntex
Introduction to Microsoft SyntexIntroduction to Microsoft Syntex
Introduction to Microsoft SyntexDrew Madelung
 
Social Media Intelligence using Elasticsearch & Kibana
Social Media Intelligence using Elasticsearch & KibanaSocial Media Intelligence using Elasticsearch & Kibana
Social Media Intelligence using Elasticsearch & KibanaTiziano Fagni
 
ぼくがAthenaで死ぬまで
ぼくがAthenaで死ぬまでぼくがAthenaで死ぬまで
ぼくがAthenaで死ぬまでShinichi Takahashi
 
Enabling Sharing & Collaboration in OneDrive & SharePoint
Enabling Sharing & Collaboration in OneDrive & SharePointEnabling Sharing & Collaboration in OneDrive & SharePoint
Enabling Sharing & Collaboration in OneDrive & SharePointDrew Madelung
 
OneDrive & SharePoint Better Together
OneDrive & SharePoint Better TogetherOneDrive & SharePoint Better Together
OneDrive & SharePoint Better TogetherDrew Madelung
 
Building an Effective Data Warehouse Architecture
Building an Effective Data Warehouse ArchitectureBuilding an Effective Data Warehouse Architecture
Building an Effective Data Warehouse ArchitectureJames Serra
 
A tour of Amazon Redshift
A tour of Amazon RedshiftA tour of Amazon Redshift
A tour of Amazon RedshiftKel Graham
 
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS
Deploy a DoD Secure Cloud Computing Architecture Environment in AWSDeploy a DoD Secure Cloud Computing Architecture Environment in AWS
Deploy a DoD Secure Cloud Computing Architecture Environment in AWSAmazon Web Services
 
Active Directory をInternetから使用するための4つのシナリオ
Active Directory をInternetから使用するための4つのシナリオActive Directory をInternetから使用するための4つのシナリオ
Active Directory をInternetから使用するための4つのシナリオjunichi anno
 
AWS Monitoring & Logging
AWS Monitoring & LoggingAWS Monitoring & Logging
AWS Monitoring & LoggingJason Poley
 
Network Security and Access Control in AWS
Network Security and Access Control in AWSNetwork Security and Access Control in AWS
Network Security and Access Control in AWSAmazon Web Services
 
AWS S3 | Tutorial For Beginners | AWS S3 Bucket Tutorial | AWS Tutorial For B...
AWS S3 | Tutorial For Beginners | AWS S3 Bucket Tutorial | AWS Tutorial For B...AWS S3 | Tutorial For Beginners | AWS S3 Bucket Tutorial | AWS Tutorial For B...
AWS S3 | Tutorial For Beginners | AWS S3 Bucket Tutorial | AWS Tutorial For B...Simplilearn
 

What's hot (20)

Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...
Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...
Taking a Crawl-Walk-Run Approach to Office 365 Retention - Ottawa SPUG (no de...
 
An introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolboxAn introduction to Elasticsearch's advanced relevance ranking toolbox
An introduction to Elasticsearch's advanced relevance ranking toolbox
 
Labelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & SensitivityLabelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & Sensitivity
 
Big Data Security in Apache Projects by Gidon Gershinsky
Big Data Security in Apache Projects by Gidon GershinskyBig Data Security in Apache Projects by Gidon Gershinsky
Big Data Security in Apache Projects by Gidon Gershinsky
 
AWS re:Invent 2016: Workshop: AWS S3 Deep-Dive Hands-On Workshop: Deploying a...
AWS re:Invent 2016: Workshop: AWS S3 Deep-Dive Hands-On Workshop: Deploying a...AWS re:Invent 2016: Workshop: AWS S3 Deep-Dive Hands-On Workshop: Deploying a...
AWS re:Invent 2016: Workshop: AWS S3 Deep-Dive Hands-On Workshop: Deploying a...
 
IRMS UG Principles of Retention in Microsoft 365
IRMS UG Principles of Retention in Microsoft 365IRMS UG Principles of Retention in Microsoft 365
IRMS UG Principles of Retention in Microsoft 365
 
Insight Asset Management in Jira and eazyBI Powered Insight Reporting
Insight Asset Management in Jira and eazyBI Powered Insight ReportingInsight Asset Management in Jira and eazyBI Powered Insight Reporting
Insight Asset Management in Jira and eazyBI Powered Insight Reporting
 
Introduction to Microsoft Syntex
Introduction to Microsoft SyntexIntroduction to Microsoft Syntex
Introduction to Microsoft Syntex
 
Social Media Intelligence using Elasticsearch & Kibana
Social Media Intelligence using Elasticsearch & KibanaSocial Media Intelligence using Elasticsearch & Kibana
Social Media Intelligence using Elasticsearch & Kibana
 
ぼくがAthenaで死ぬまで
ぼくがAthenaで死ぬまでぼくがAthenaで死ぬまで
ぼくがAthenaで死ぬまで
 
Monitor Cloud Resources using Alerts & Insights
Monitor Cloud Resources using Alerts & InsightsMonitor Cloud Resources using Alerts & Insights
Monitor Cloud Resources using Alerts & Insights
 
Enabling Sharing & Collaboration in OneDrive & SharePoint
Enabling Sharing & Collaboration in OneDrive & SharePointEnabling Sharing & Collaboration in OneDrive & SharePoint
Enabling Sharing & Collaboration in OneDrive & SharePoint
 
OneDrive & SharePoint Better Together
OneDrive & SharePoint Better TogetherOneDrive & SharePoint Better Together
OneDrive & SharePoint Better Together
 
Building an Effective Data Warehouse Architecture
Building an Effective Data Warehouse ArchitectureBuilding an Effective Data Warehouse Architecture
Building an Effective Data Warehouse Architecture
 
A tour of Amazon Redshift
A tour of Amazon RedshiftA tour of Amazon Redshift
A tour of Amazon Redshift
 
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS
Deploy a DoD Secure Cloud Computing Architecture Environment in AWSDeploy a DoD Secure Cloud Computing Architecture Environment in AWS
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS
 
Active Directory をInternetから使用するための4つのシナリオ
Active Directory をInternetから使用するための4つのシナリオActive Directory をInternetから使用するための4つのシナリオ
Active Directory をInternetから使用するための4つのシナリオ
 
AWS Monitoring & Logging
AWS Monitoring & LoggingAWS Monitoring & Logging
AWS Monitoring & Logging
 
Network Security and Access Control in AWS
Network Security and Access Control in AWSNetwork Security and Access Control in AWS
Network Security and Access Control in AWS
 
AWS S3 | Tutorial For Beginners | AWS S3 Bucket Tutorial | AWS Tutorial For B...
AWS S3 | Tutorial For Beginners | AWS S3 Bucket Tutorial | AWS Tutorial For B...AWS S3 | Tutorial For Beginners | AWS S3 Bucket Tutorial | AWS Tutorial For B...
AWS S3 | Tutorial For Beginners | AWS S3 Bucket Tutorial | AWS Tutorial For B...
 

Similar to Secure Salesforce: CRUD / FLS / Sharing

Secure Development on the Salesforce Platform - Part I
Secure Development on the Salesforce Platform - Part ISecure Development on the Salesforce Platform - Part I
Secure Development on the Salesforce Platform - Part ISalesforce Developers
 
Secure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and SharingSecure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and SharingSalesforce Developers
 
Lightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingLightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingSalesforce Developers
 
Staying Ahead of the Curve with Lightning - Snowforce16 Keynote
Staying Ahead of the Curve with Lightning - Snowforce16 KeynoteStaying Ahead of the Curve with Lightning - Snowforce16 Keynote
Staying Ahead of the Curve with Lightning - Snowforce16 KeynoteSalesforce Admins
 
Manage Salesforce Like a Pro with Governance
Manage Salesforce Like a Pro with GovernanceManage Salesforce Like a Pro with Governance
Manage Salesforce Like a Pro with GovernanceSalesforce Admins
 
Lightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE EvolvedLightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE EvolvedSalesforce Developers
 
Best Practices for Team Development in a Single Org
Best Practices for Team Development in a Single OrgBest Practices for Team Development in a Single Org
Best Practices for Team Development in a Single OrgSalesforce Developers
 
ISV Lightning Webinar Series - Part 2 (December 8, 2015)
ISV Lightning Webinar Series - Part 2 (December 8, 2015)ISV Lightning Webinar Series - Part 2 (December 8, 2015)
ISV Lightning Webinar Series - Part 2 (December 8, 2015)Salesforce Partners
 
Sandboxes: The Future of App Development by Evan Barnet & Pam Barnet
Sandboxes: The Future of App Development by Evan Barnet & Pam BarnetSandboxes: The Future of App Development by Evan Barnet & Pam Barnet
Sandboxes: The Future of App Development by Evan Barnet & Pam BarnetSalesforce Admins
 
Webinar: Cut that Clutter! Maintain a Clean Org and Improve Productivity
Webinar: Cut that Clutter! Maintain a Clean Org and Improve ProductivityWebinar: Cut that Clutter! Maintain a Clean Org and Improve Productivity
Webinar: Cut that Clutter! Maintain a Clean Org and Improve ProductivitySalesforce Admins
 
Build Your Lightning Rollout Plan - September 2017
Build Your Lightning Rollout Plan - September 2017Build Your Lightning Rollout Plan - September 2017
Build Your Lightning Rollout Plan - September 2017Salesforce Admins
 
Enterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsEnterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsSalesforce Developers
 
Manage Development in Your Org with Salesforce Governance Framework
Manage Development in Your Org with Salesforce Governance FrameworkManage Development in Your Org with Salesforce Governance Framework
Manage Development in Your Org with Salesforce Governance FrameworkSalesforce Developers
 
How to Become a Security-Minded Admin
How to Become a Security-Minded AdminHow to Become a Security-Minded Admin
How to Become a Security-Minded AdminSalesforce Admins
 
DevOps in Salesforce AppCloud
DevOps in Salesforce AppCloudDevOps in Salesforce AppCloud
DevOps in Salesforce AppCloudrsg00usa
 

Similar to Secure Salesforce: CRUD / FLS / Sharing (20)

Secure Development on the Salesforce Platform - Part I
Secure Development on the Salesforce Platform - Part ISecure Development on the Salesforce Platform - Part I
Secure Development on the Salesforce Platform - Part I
 
Secure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and SharingSecure Coding: Field-level Security, CRUD, and Sharing
Secure Coding: Field-level Security, CRUD, and Sharing
 
Lightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingLightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and Testing
 
Staying Ahead of the Curve with Lightning - Snowforce16 Keynote
Staying Ahead of the Curve with Lightning - Snowforce16 KeynoteStaying Ahead of the Curve with Lightning - Snowforce16 Keynote
Staying Ahead of the Curve with Lightning - Snowforce16 Keynote
 
Manage Salesforce Like a Pro with Governance
Manage Salesforce Like a Pro with GovernanceManage Salesforce Like a Pro with Governance
Manage Salesforce Like a Pro with Governance
 
Lightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE EvolvedLightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE Evolved
 
Coding in the App Cloud
Coding in the App CloudCoding in the App Cloud
Coding in the App Cloud
 
Best Practices for Team Development in a Single Org
Best Practices for Team Development in a Single OrgBest Practices for Team Development in a Single Org
Best Practices for Team Development in a Single Org
 
ISV Lightning Webinar Series - Part 2 (December 8, 2015)
ISV Lightning Webinar Series - Part 2 (December 8, 2015)ISV Lightning Webinar Series - Part 2 (December 8, 2015)
ISV Lightning Webinar Series - Part 2 (December 8, 2015)
 
Sandboxes: The Future of App Development by Evan Barnet & Pam Barnet
Sandboxes: The Future of App Development by Evan Barnet & Pam BarnetSandboxes: The Future of App Development by Evan Barnet & Pam Barnet
Sandboxes: The Future of App Development by Evan Barnet & Pam Barnet
 
Development Best Practices
Development Best PracticesDevelopment Best Practices
Development Best Practices
 
Deep Dive into Apex Triggers
Deep Dive into Apex TriggersDeep Dive into Apex Triggers
Deep Dive into Apex Triggers
 
Webinar: Cut that Clutter! Maintain a Clean Org and Improve Productivity
Webinar: Cut that Clutter! Maintain a Clean Org and Improve ProductivityWebinar: Cut that Clutter! Maintain a Clean Org and Improve Productivity
Webinar: Cut that Clutter! Maintain a Clean Org and Improve Productivity
 
Build Your Lightning Rollout Plan - September 2017
Build Your Lightning Rollout Plan - September 2017Build Your Lightning Rollout Plan - September 2017
Build Your Lightning Rollout Plan - September 2017
 
Enterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsEnterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web Components
 
Adopting Salesforce DX
Adopting Salesforce DXAdopting Salesforce DX
Adopting Salesforce DX
 
Manage Development in Your Org with Salesforce Governance Framework
Manage Development in Your Org with Salesforce Governance FrameworkManage Development in Your Org with Salesforce Governance Framework
Manage Development in Your Org with Salesforce Governance Framework
 
How to Become a Security-Minded Admin
How to Become a Security-Minded AdminHow to Become a Security-Minded Admin
How to Become a Security-Minded Admin
 
DevOps in Salesforce AppCloud
DevOps in Salesforce AppCloudDevOps in Salesforce AppCloud
DevOps in Salesforce AppCloud
 
Quality Control in Development
Quality Control in DevelopmentQuality Control in Development
Quality Control in Development
 

More from Salesforce Developers

Sample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSalesforce Developers
 
Maximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceMaximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceSalesforce Developers
 
Local development with Open Source Base Components
Local development with Open Source Base ComponentsLocal development with Open Source Base Components
Local development with Open Source Base ComponentsSalesforce Developers
 
TrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsTrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsSalesforce Developers
 
Why developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaWhy developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaSalesforce Developers
 
CodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentCodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentSalesforce Developers
 
CodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsCodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsSalesforce Developers
 
TrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsTrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsSalesforce Developers
 
LWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilityLWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilitySalesforce Developers
 
Lightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataLightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataSalesforce Developers
 
Lightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionLightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionSalesforce Developers
 
Migrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPMigrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPSalesforce Developers
 
Scale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceScale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceSalesforce Developers
 
Replicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureReplicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureSalesforce Developers
 
Modern Development with Salesforce DX
Modern Development with Salesforce DXModern Development with Salesforce DX
Modern Development with Salesforce DXSalesforce Developers
 
Integrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectIntegrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectSalesforce Developers
 
Modern App Dev: Modular Development Strategies
Modern App Dev: Modular Development StrategiesModern App Dev: Modular Development Strategies
Modern App Dev: Modular Development StrategiesSalesforce Developers
 

More from Salesforce Developers (20)

Sample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce Developers
 
Maximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceMaximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component Performance
 
Local development with Open Source Base Components
Local development with Open Source Base ComponentsLocal development with Open Source Base Components
Local development with Open Source Base Components
 
TrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsTrailheaDX India : Developer Highlights
TrailheaDX India : Developer Highlights
 
Why developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaWhy developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX India
 
CodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentCodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local Development
 
CodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsCodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web Components
 
TrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsTrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer Highlights
 
Live coding with LWC
Live coding with LWCLive coding with LWC
Live coding with LWC
 
LWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilityLWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura Interoperability
 
Lightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataLightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce data
 
Lightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionLightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An Introduction
 
Migrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPMigrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCP
 
Scale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceScale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in Salesforce
 
Replicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureReplicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data Capture
 
Modern Development with Salesforce DX
Modern Development with Salesforce DXModern Development with Salesforce DX
Modern Development with Salesforce DX
 
Get Into Lightning Flow Development
Get Into Lightning Flow DevelopmentGet Into Lightning Flow Development
Get Into Lightning Flow Development
 
Integrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectIntegrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS Connect
 
Introduction to MuleSoft
Introduction to MuleSoftIntroduction to MuleSoft
Introduction to MuleSoft
 
Modern App Dev: Modular Development Strategies
Modern App Dev: Modular Development StrategiesModern App Dev: Modular Development Strategies
Modern App Dev: Modular Development Strategies
 

Recently uploaded

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Secure Salesforce: CRUD / FLS / Sharing

  • 1. Secure Salesforce: CRUD, FLS, and Sharing Daphne Kao Senior Product Security Engineer @daphnekao Ryan Flood Associate Product Security Engineer
  • 2. Secure Salesforce at Dreamforce 2015 ​  10 DevZone Talks and 2 Lighting Zone Talks covering all aspects of Security on the Salesforce Platform ​  Visit our booth in the DevZone with any security questions ​  Check out the schedule and details at http://bit.ly/DF15Sec ​  Admin-related security questions? ​  Join us for coffee in the Admin Zone Security Cafe
  • 3. ​ Safe harbor statement under the Private Securities Litigation Reform Act of 1995: ​ This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward- looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. ​ The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. ​ Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements. Safe Harbor
  • 4. Principle of Least Privilege •  Users should only have access to the minimum amount of information required to accomplish their duties, ensuring their ability to take advantage of excess privilege purposefully or accidentally is minimized. Contexts •  User context: Enforces user permissions, field-level security, and sharing rules of the current user. •  System context: Ignores user permissions, field-level security, and sharing rules of the current user. Background
  • 6. What is CRUD? •  Defines user’s access for each object •  Controlled on the profile ​ Create, Read, Update, Delete
  • 7. ​ Apex classes do not enforce CRUD •  Runs in system context ​ Visualforce pages enforce CRUD •  Runs in user context CRUD for Developers
  • 8. Enforcing CRUD in Apex <sObject>.sObjectType.getDescribe() •  isCreateable() •  isAccessible() •  isUpdateable() •  isDeletable() 1 Public Class MyController { 2  Public String getmyAccount { 3  if (!Account.sObjectType.getDescribe().isAccessible()) { 4  return ''; 5  } 6 }
  • 9. Enforcing CRUD in Visualforce Visualforce code patterns respect read in CRUD: 1.  <apex:outputField value="{!sObject.Field__c}"/> 2.  <apex:outputText value="{!sObject.Field__c}"/> 3.  {!sObject.Field__c} Visualforce code pattern does not respect read: 1.  <apex:outputText value="{!Object.String}"/>
  • 11. Best Practices and Q&A for CRUD •  Always check CRUD permissions before performing the operation.
  • 12. FLS
  • 13. What is FLS? •  Defines user’s access to fields on a given object •  Controlled on the profile ​ Field-Level Security
  • 14. ​ Apex classes do not enforce FLS •  Runs in system context ​ Visualforce pages enforce FLS •  Runs in user context •  Does not enforce FLS for dereferenced fields •  {!Contact.Email} = yes •  {!contactEmail} = no FLS for Developers
  • 15. Enforcing FLS in Apex Schema.sObjectType.<sObject>.fields.<field> •  isAccessible() •  isUpdateable() 1 Public Class MyController { 2  Public String getmyAccount { 3  if (!Schema.sObjectType.Account.fields.Name.isAccessible()) { 4  return ''; 5  } 6 ... 7 }
  • 16. ​ Apex: Random_Sensitive_Object_1__c r; // Salesforce sObject wRandom_Sensitive_Object_1 wR; // Custom wrapper object wR.Sensitive_Number = r.Sensitive_Number__c; ​ Visualforce: <apex:OutputText value="{!r.Sensitive_Number__c}" /> <!-- FLS RESPECTED --> <apex:OutputText value="{!wR.Sensitive_Number}" /> <!-- FLS IGNORED --> When sObject is assigned a primitive When does the Platform stop respecting FLS?
  • 18. Best Practices and Q&A for FLS •  Use sObject references whenever possible. •  Iterate through your list of fields and check FLS for each field.
  • 20. What is Sharing? •  Dictates which records of an object a user can see •  Controlled outside the profile via org-defaults, roles, ownership, and sharing rules ​ Record-level access
  • 21. ​ Apex classes do not enforce sharing by default •  Runs in system context •  Exceptions: Anonymous code blocks, developer console, and standard controllers execute in user context ​ Visualforce pages depend on controllers for record access Sharing for Developers
  • 22. Enforcing Sharing in Apex •  Default behavior is without sharing. Use with sharing keyword to enforce sharing. •  If a class isn’t declared as either with or without sharing, the current sharing rules remain in effect. •  The sharing setting of the class where the method is defined is applied, not of the class where the method is called. 1 Public with sharing Class MyController { 2 // Code enforces current user’s sharing rules 3 Public without sharing Class MyInnerClass { 4 // Code doesn’t enforce current user’s sharing rules 5 } 6 }
  • 24. Best Practices and Q&A for Sharing •  Sharing keywords don’t enforce CRUD and FLS. •  Explicitly declare with sharing or without sharing for all classes in your code. •  If you must use without sharing, document the reasoning in a comment block.
  • 26. CRUD •  Object-level permission. Should the user have access to this object? ​ FLS •  Field-level permission. Should the user have access to this field? ​ Sharing •  Record-level permission. Should the user have access to this record? Developer practices for respecting authorization model Summary
  • 27. Additional Resources Security Implementation Guide https://developer.salesforce.com/././securityImplGuide/ (full link hidden) CRUD & FLS Enforcement Guide https://developer.salesforce.com/page/Enforcing_CRUD_and_FLS Testing CRUD and FLS Enforcement https://developer.salesforce.com/page/Testing_CRUD_and_FLS_Enforcement Using with sharing or without sharing Keywords https://developer.salesforce.com/./././apex_classes_keywords_sharing (full link hidden) Salesforce StackExchange http://salesforce.stackexchange.com/questions/tagged/security Salesforce Developer Security Forum https://developer.salesforce.com/forums Security Office Hours (Partners) http://security.force.com/security/contact/ohours