Use of FLS and CRUD operation in Salesforce

By | February 9, 2021

In this blog, we will understand how to perform FLS and CRUD operations in Salesforce. Field-Level Security (FLS) in Salesforce lets you restrict users’ access to view and edit specific fields. Field-level security is implemented using the CRUD operations (Create, Read, Update and Delete).

Apex in Salesforce doesn’t respect CRUD and FLS. This is because most of the processes that a developer has to implement in Apex have to bypass CRUD and FLS.

It is up to the developer to take responsibility for managing CRUD and FLS in Apex as per requirements. Depending on how your custom applications render and process data, unauthorized users have the potential to access and modify data that they shouldn’t. FLS should always be enforced.

The DescribeSObjectResult class includes a number of helper functions. These functions can be used to verify a user’s level of access and prevent data from being inadvertently exposed or modified.

To enforce “delete” access restrictions, use the isDeletable() function before your code performs a delete database operation. If we know the specific object name, we can perform the delete check directly using that object name, as shown in the code snippet below.

// Objoppor is the Opportunity record (or list of records) to delete.
if (Opportunity.sObjectType.getDescribe().isDeletable())
{
    delete Objoppor;
}

Implementation/Usage:

If we want to perform any FLS operation in a batch class, or any other class where we don’t know the exact object name, we can take the object name dynamically, as shown in the code below.

First check whether scope is null or empty, then get the object type using the getSObjectType() function.

  • getSObjectType(): Returns the token for this SObject. This token is used to obtain describe information.

global void execute(Database.BatchableContext bc, List<SObject> scope)
{
    // Nothing to do for an empty batch.
    if (scope == null || scope.isEmpty())
        return;

    // Take the type token from the first record in scope.
    SObjectType myType = scope[0].getSObjectType();
    if (myType.getDescribe().isDeletable())
    {
        delete scope;
    }
    else
    {
        System.debug('You have no permission to delete this object: ' + myType);
    }
}

Please note: Since you delete records in SOQL and do not delete fields, you need to check only the user’s CRUD access to the object.
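An update, unlike a delete, writes individual field values, so the field-level check is needed in addition to the object-level one. The following is an added example, not code from the original post: it extends the dynamic pattern above to update, and the class name CrudFlsGuard and its method names are hypothetical.

```apex
// Added example. CrudFlsGuard, blockedForUpdate and updateField are illustrative names.
public with sharing class CrudFlsGuard {

    // Returns the requested field names the running user may NOT update.
    // An empty list means the object-level and all field-level checks passed.
    public static List<String> blockedForUpdate(SObjectType objType, Set<String> fieldNames) {
        List<String> blocked = new List<String>();
        Schema.DescribeSObjectResult objDescribe = objType.getDescribe();

        // CRUD check: without update access on the object, no field can be written.
        if (!objDescribe.isUpdateable()) {
            blocked.addAll(fieldNames);
            return blocked;
        }

        // FLS check: describe each field the code intends to write.
        Map<String, Schema.SObjectField> fieldMap = objDescribe.fields.getMap();
        for (String name : fieldNames) {
            Schema.SObjectField token = fieldMap.get(name);
            // An unknown field name is treated the same as a missing permission.
            if (token == null || !token.getDescribe().isUpdateable()) {
                blocked.add(name);
            }
        }
        return blocked;
    }

    // Sets one field on every record in scope, only if CRUD and FLS both allow it.
    // Returns true when the update was performed.
    public static Boolean updateField(List<SObject> scope, String fieldName, Object value) {
        if (scope == null || scope.isEmpty()) {
            return false;
        }
        SObjectType myType = scope[0].getSObjectType();
        List<String> blocked = blockedForUpdate(myType, new Set<String>{ fieldName });
        if (!blocked.isEmpty()) {
            System.debug('No permission to update ' + myType + ' fields: ' + blocked);
            return false;
        }
        for (SObject rec : scope) {
            rec.put(fieldName, value);
        }
        update scope;
        return true;
    }
}
```

Only the fields the code actually writes are checked, so read-only system fields that happen to be present on queried records do not cause a false refusal.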

We hope you may find this Blog resourceful and helpful. If you still have concerns and need more help, please contact us at salesforce@greytrix.com.
