Gsyfuy

Two field separators (colon and space) in awk

How can I print the prosodic symbols in LaTeX?

Why was the Spitfire's elliptical wing almost uncopied by other aircraft of World War 2?

Dynamic SOQL query relationship with field visibility for Users

How to have a sharp product image?

Did the BCPL programming language support floats?

What causes platform events to fail to be published and should I cater for failed platform event creations?

What happened to Captain America in Endgame?

bldc motor, esc and battery draw, nominal vs peak

How to not starve gigantic beasts

"The cow" OR "a cow" OR "cows" in this context

Checks user level and limit the data before saving it to mongoDB

"You've called the wrong number" or "You called the wrong number"

How to fry ground beef so it is well-browned

How to limit Drive Letters Windows assigns to new removable USB drives

Overlay of two functions leaves gaps

How exactly does Hawking radiation decrease the mass of black holes?

'It addicted me, with one taste.' Can 'addict' be used transitively?

Does tea made with boiling water cool faster than tea made with boiled (but still hot) water?

Extension of 2-adic valuation to the real numbers

What happens in the secondary winding if there's no spark plug connected?

Which big number is bigger?

How can I practically buy stocks?

How much cash can I safely carry into the USA and avoid civil forfeiture?

Dynamic SOQL query relationship with field visibility for Users

About salesforce SOQL relationship querySOQL Can't create USERS relationship?Need help writing test Apex Classeschema.getglobaldescribe needs test classNot able to escape quote in visualforce page?SOQL error with relationshipSOQL for Lookup relationshipSOQL query with inner query doesn't recognize understand the relationshipHow to Pass in an Array of Strings in a Method Parameter in a Test ClassNested Dynamic SOQL Query

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}

1

I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?

public with sharing class QuerySelector {



    public static List<SObject> dynamicQuerySelector(Set<Id> idSet) {



        // check if null



        List<SObject> sObjectList = new List<SObject>();



        if(idSet.size() > 0)

        {

            // convert the set to a list

            List<Id> idList = new List<Id>(idSet);





            Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();

            String recObject = String.valueOf(sor.getName());



            Set<String> fieldNames = sor.fields.getMap().keySet();



            String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';



            sObjectList = Database.query(recordQuery);



            return sObjectList;

        }

        return sObjectList;

    }

}

apex soql

share|improve this question

asked 2 hours ago

Matthew MetrosMatthew Metros

463

add a comment | 

1

I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?

public with sharing class QuerySelector {



    public static List<SObject> dynamicQuerySelector(Set<Id> idSet) {



        // check if null



        List<SObject> sObjectList = new List<SObject>();



        if(idSet.size() > 0)

        {

            // convert the set to a list

            List<Id> idList = new List<Id>(idSet);





            Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();

            String recObject = String.valueOf(sor.getName());



            Set<String> fieldNames = sor.fields.getMap().keySet();



            String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';



            sObjectList = Database.query(recordQuery);



            return sObjectList;

        }

        return sObjectList;

    }

}

apex soql

share|improve this question

asked 2 hours ago

Matthew MetrosMatthew Metros

463

add a comment | 

I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?

public with sharing class QuerySelector {



    public static List<SObject> dynamicQuerySelector(Set<Id> idSet) {



        // check if null



        List<SObject> sObjectList = new List<SObject>();



        if(idSet.size() > 0)

        {

            // convert the set to a list

            List<Id> idList = new List<Id>(idSet);





            Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();

            String recObject = String.valueOf(sor.getName());



            Set<String> fieldNames = sor.fields.getMap().keySet();



            String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';



            sObjectList = Database.query(recordQuery);



            return sObjectList;

        }

        return sObjectList;

    }

}

apex soql

share|improve this question

asked 2 hours ago

Matthew MetrosMatthew Metros

463

public with sharing class QuerySelector {



    public static List<SObject> dynamicQuerySelector(Set<Id> idSet) {



        // check if null



        List<SObject> sObjectList = new List<SObject>();



        if(idSet.size() > 0)

        {

            // convert the set to a list

            List<Id> idList = new List<Id>(idSet);





            Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();

            String recObject = String.valueOf(sor.getName());



            Set<String> fieldNames = sor.fields.getMap().keySet();



            String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';



            sObjectList = Database.query(recordQuery);



            return sObjectList;

        }

        return sObjectList;

    }

}

share|improve this question

asked 2 hours ago

Matthew MetrosMatthew Metros

463

share|improve this question

asked 2 hours ago

Matthew MetrosMatthew Metros

463

asked 2 hours ago

Matthew MetrosMatthew Metros

463

asked 2 hours ago

Matthew MetrosMatthew Metros

463

1 Answer
1

active

oldest

votes

5

By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).

There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.

share|improve this answer

answered 1 hour ago

sfdcfoxsfdcfox

267k13213461

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "459"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f260261%2fdynamic-soql-query-relationship-with-field-visibility-for-users%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

5

By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).

There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.

share|improve this answer

answered 1 hour ago

sfdcfoxsfdcfox

267k13213461

add a comment | 

5

By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).

There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.

share|improve this answer

answered 1 hour ago

sfdcfoxsfdcfox

267k13213461

add a comment | 

By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).

There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.

share|improve this answer

answered 1 hour ago

sfdcfoxsfdcfox

267k13213461

share|improve this answer

answered 1 hour ago

sfdcfoxsfdcfox

267k13213461

answered 1 hour ago

sfdcfoxsfdcfox

267k13213461

answered 1 hour ago

sfdcfoxsfdcfox

267k13213461