"With Sharing" does not enforce object level and field level by default.
But there are other ways in which you can enforce them.
Here are couple of options:
1. While using an SOQL use "WITH SECURITY_ENFORCED" keyword to enforce field- and object-level security checks to fields and objects referenced in SELECT.
2. In Apex code, you can use sObject describe result methods and field describe result methods that check current user's permission. Methods are isAccessible, isCreateable, isUpdateable and isDeletable.
3. Use the stripInaccessible method to enforce field- and object-level data protection.
No comments:
Post a Comment