Dynamic SOQL query relationship with field visibility for UsersAbout salesforce SOQL relationship querySOQL Can't create USERS relationship?Need help writing test Apex Classeschema.getglobaldescribe needs test classNot able to escape quote in visualforce page?SOQL error with relationshipSOQL for Lookup relationshipSOQL query with inner query doesn't recognize understand the relationshipHow to Pass in an Array of Strings in a Method Parameter in a Test ClassNested Dynamic SOQL Query
How to stop co-workers from teasing me because I know Russian?
Do I have an "anti-research" personality?
Is there a way to generate a list of distinct numbers such that no two subsets ever have an equal sum?
What's the polite way to say "I need to urinate"?
How can I get this effect? Please see the attached image
Extension of 2-adic valuation to the real numbers
Why does Mind Blank stop the Feeblemind spell?
How to denote matrix elements succinctly?
How to pronounce 'c++' in Spanish
Pulling the rope with one hand is as heavy as with two hands?
Coordinate my way to the name of the (video) game
As an international instructor, should I openly talk about my accent?
"The cow" OR "a cow" OR "cows" in this context
Check if a string is entirely made of the same substring
What causes platform events to fail to be published and should I cater for failed platform event creations?
Pre-plastic human skin alternative
Minor Revision with suggestion of an alternative proof by reviewer
Apparently, my CLR assembly function is causing deadlocks?
Like totally amazing interchangeable sister outfits II: The Revenge
Does tea made with boiling water cool faster than tea made with boiled (but still hot) water?
How to limit Drive Letters Windows assigns to new removable USB drives
How can I print the prosodic symbols in LaTeX?
How to not starve gigantic beasts
How to fry ground beef so it is well-browned
Dynamic SOQL query relationship with field visibility for Users
About salesforce SOQL relationship querySOQL Can't create USERS relationship?Need help writing test Apex Classeschema.getglobaldescribe needs test classNot able to escape quote in visualforce page?SOQL error with relationshipSOQL for Lookup relationshipSOQL query with inner query doesn't recognize understand the relationshipHow to Pass in an Array of Strings in a Method Parameter in a Test ClassNested Dynamic SOQL Query
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?
public with sharing class QuerySelector
public static List<SObject> dynamicQuerySelector(Set<Id> idSet)
// check if null
List<SObject> sObjectList = new List<SObject>();
if(idSet.size() > 0)
// convert the set to a list
List<Id> idList = new List<Id>(idSet);
Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();
String recObject = String.valueOf(sor.getName());
Set<String> fieldNames = sor.fields.getMap().keySet();
String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';
sObjectList = Database.query(recordQuery);
return sObjectList;
return sObjectList;
apex soql
asked 1 hour ago
Matthew MetrosMatthew Metros
463
add a comment |
I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?
public with sharing class QuerySelector
public static List<SObject> dynamicQuerySelector(Set<Id> idSet)
// check if null
List<SObject> sObjectList = new List<SObject>();
if(idSet.size() > 0)
// convert the set to a list
List<Id> idList = new List<Id>(idSet);
Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();
String recObject = String.valueOf(sor.getName());
Set<String> fieldNames = sor.fields.getMap().keySet();
String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';
sObjectList = Database.query(recordQuery);
return sObjectList;
return sObjectList;
apex soql
asked 1 hour ago
Matthew MetrosMatthew Metros
463
add a comment |
I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?
public with sharing class QuerySelector
public static List<SObject> dynamicQuerySelector(Set<Id> idSet)
// check if null
List<SObject> sObjectList = new List<SObject>();
if(idSet.size() > 0)
// convert the set to a list
List<Id> idList = new List<Id>(idSet);
Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();
String recObject = String.valueOf(sor.getName());
Set<String> fieldNames = sor.fields.getMap().keySet();
String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';
sObjectList = Database.query(recordQuery);
return sObjectList;
return sObjectList;
apex soql
asked 1 hour ago
Matthew MetrosMatthew Metros
463
I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?
public with sharing class QuerySelector
public static List<SObject> dynamicQuerySelector(Set<Id> idSet)
// check if null
List<SObject> sObjectList = new List<SObject>();
if(idSet.size() > 0)
// convert the set to a list
List<Id> idList = new List<Id>(idSet);
Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();
String recObject = String.valueOf(sor.getName());
Set<String> fieldNames = sor.fields.getMap().keySet();
String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';
sObjectList = Database.query(recordQuery);
return sObjectList;
return sObjectList;
apex soql
apex soql
asked 1 hour ago
Matthew MetrosMatthew Metros
463
asked 1 hour ago
Matthew MetrosMatthew Metros
463
asked 1 hour ago
Matthew MetrosMatthew Metros
463
asked 1 hour ago
Matthew MetrosMatthew Metros
463
asked 1 hour ago
Matthew MetrosMatthew Metros
463
463
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).
There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.
answered 1 hour ago
sfdcfoxsfdcfox
267k13213461
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "459"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f260261%2fdynamic-soql-query-relationship-with-field-visibility-for-users%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).
There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.
answered 1 hour ago
sfdcfoxsfdcfox
267k13213461
add a comment |
By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).
There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.
answered 1 hour ago
sfdcfoxsfdcfox
267k13213461
add a comment |
By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).
There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.
answered 1 hour ago
sfdcfoxsfdcfox
267k13213461
By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).
There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.
answered 1 hour ago
sfdcfoxsfdcfox
267k13213461
answered 1 hour ago
sfdcfoxsfdcfox
267k13213461
answered 1 hour ago
sfdcfoxsfdcfox
267k13213461
answered 1 hour ago
sfdcfoxsfdcfox
267k13213461
267k13213461
add a comment |
add a comment |
Thanks for contributing an answer to Salesforce Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f260261%2fdynamic-soql-query-relationship-with-field-visibility-for-users%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
