Sharing

Written by David Martin
Updated over a week ago

Rationale

Because Apex generally runs in system context, the current user's permissions, field-level security, and sharing rules aren't taken into account during code execution. This can put applications at risk of inadvertently exposing sensitive data.
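
To illustrate the rationale, here is an added example (not part of the original article or the rule's own documentation): an Apex REST resource with no sharing declaration, beside a version that declares with sharing and queries in user mode. The class names, URL mappings and the q parameter are hypothetical.

```apex
// Added illustration; in an org each class lives in its own file.

// Before: no sharing declaration. As an entry point this class runs in
// system context, so the query returns every matching Account row and
// every selected field, whatever the calling user is allowed to see.
@RestResource(urlMapping='/example/accounts/v1')   // hypothetical mapping
global class AccountLookup {                        // hypothetical name
    @HttpGet
    global static List<Account> search() {
        String term = RestContext.request.params.get('q');
        String nameFilter = '%' + term + '%';
        return [SELECT Id, Name, AnnualRevenue
                FROM Account
                WHERE Name LIKE :nameFilter
                LIMIT 50];
    }
}

// After: "with sharing" restricts rows to records the caller can access.
// Sharing alone does not cover object permissions or field-level
// security, so the query also runs WITH USER_MODE, which makes it fail
// instead of returning fields the caller cannot read.
@RestResource(urlMapping='/example/accounts/v2')   // hypothetical mapping
global with sharing class AccountLookupSecure {     // hypothetical name
    @HttpGet
    global static List<Account> search() {
        String term = RestContext.request.params.get('q');
        if (String.isBlank(term)) {
            return new List<Account>();             // nothing to search for
        }
        String nameFilter = '%' + term + '%';
        return [SELECT Id, Name, AnnualRevenue
                FROM Account
                WHERE Name LIKE :nameFilter
                WITH USER_MODE
                LIMIT 50];
    }
}
```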

Scope

  • Apex classes that perform direct or indirect database access

  • Apex web services

  • Apex classes that expose any REST resources (via Apex REST annotations)

  • Apex classes that are used as controllers by Visualforce pages or components

  • Apex classes that are used by Lightning controllers

Exclusions

  • This rule will not trigger on test classes
