Kdtyjb

How to denote matrix elements succinctly?

What is causing the white spot to appear in some of my pictures

Does tea made with boiling water cool faster than tea made with boiled (but still hot) water?

bldc motor, esc and battery draw, nominal vs peak

can anyone help me with this awful query plan?

Why do games have consumables?

Could the terminal length of components like resistors be reduced?

Don’t seats that recline flat defeat the purpose of having seatbelts?

How come there are so many candidates for the 2020 Democratic party presidential nomination?

How would 10 generations of living underground change the human body?

How to display Aura JS Errors Lightning Out

Are there physical dangers to preparing a prepared piano?

Multiple options vs single option UI

Critique of timeline aesthetic

How can I print the prosodic symbols in LaTeX?

"The cow" OR "a cow" OR "cows" in this context

What are the steps to solving this definite integral?

Converting a sprinkler system's 24V AC outputs to 3.3V DC logic inputs

Aligning equation numbers vertically

Was there a Viking Exchange as well as a Columbian one?

Can an Area of Effect spell cast outside a Prismatic Wall extend inside it?

"Whatever a Russian does, they end up making the Kalashnikov gun"? Are there any similar proverbs in English?

What is the smallest unit of eos?

What term is being referred to with "reflected-sound-of-underground-spirits"?

Dynamic SOQL query relationship with field visibility for Users

About salesforce SOQL relationship querySOQL Can't create USERS relationship?Need help writing test Apex Classeschema.getglobaldescribe needs test classNot able to escape quote in visualforce page?SOQL error with relationshipSOQL for Lookup relationshipSOQL query with inner query doesn't recognize understand the relationshipHow to Pass in an Array of Strings in a Method Parameter in a Test ClassNested Dynamic SOQL Query

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}

2

I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?

public with sharing class QuerySelector {



    public static List<SObject> dynamicQuerySelector(Set<Id> idSet) {



        // check if null



        List<SObject> sObjectList = new List<SObject>();



        if(idSet.size() > 0)

        {

            // convert the set to a list

            List<Id> idList = new List<Id>(idSet);





            Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();

            String recObject = String.valueOf(sor.getName());



            Set<String> fieldNames = sor.fields.getMap().keySet();



            String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';



            sObjectList = Database.query(recordQuery);



            return sObjectList;

        }

        return sObjectList;

    }

}

apex soql

share|improve this question

asked 5 hours ago

Matthew MetrosMatthew Metros

513

add a comment | 

2

I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?

public with sharing class QuerySelector {



    public static List<SObject> dynamicQuerySelector(Set<Id> idSet) {



        // check if null



        List<SObject> sObjectList = new List<SObject>();



        if(idSet.size() > 0)

        {

            // convert the set to a list

            List<Id> idList = new List<Id>(idSet);





            Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();

            String recObject = String.valueOf(sor.getName());



            Set<String> fieldNames = sor.fields.getMap().keySet();



            String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';



            sObjectList = Database.query(recordQuery);



            return sObjectList;

        }

        return sObjectList;

    }

}

apex soql

share|improve this question

asked 5 hours ago

Matthew MetrosMatthew Metros

513

add a comment | 

I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?

public with sharing class QuerySelector {



    public static List<SObject> dynamicQuerySelector(Set<Id> idSet) {



        // check if null



        List<SObject> sObjectList = new List<SObject>();



        if(idSet.size() > 0)

        {

            // convert the set to a list

            List<Id> idList = new List<Id>(idSet);





            Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();

            String recObject = String.valueOf(sor.getName());



            Set<String> fieldNames = sor.fields.getMap().keySet();



            String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';



            sObjectList = Database.query(recordQuery);



            return sObjectList;

        }

        return sObjectList;

    }

}

apex soql

share|improve this question

asked 5 hours ago

Matthew MetrosMatthew Metros

513

public with sharing class QuerySelector {



    public static List<SObject> dynamicQuerySelector(Set<Id> idSet) {



        // check if null



        List<SObject> sObjectList = new List<SObject>();



        if(idSet.size() > 0)

        {

            // convert the set to a list

            List<Id> idList = new List<Id>(idSet);





            Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();

            String recObject = String.valueOf(sor.getName());



            Set<String> fieldNames = sor.fields.getMap().keySet();



            String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';



            sObjectList = Database.query(recordQuery);



            return sObjectList;

        }

        return sObjectList;

    }

}

share|improve this question

asked 5 hours ago

Matthew MetrosMatthew Metros

513

share|improve this question

asked 5 hours ago

Matthew MetrosMatthew Metros

513

asked 5 hours ago

Matthew MetrosMatthew Metros

513

asked 5 hours ago

Matthew MetrosMatthew Metros

513

1 Answer
1

active

oldest

votes

6

By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).

There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.

share|improve this answer

answered 5 hours ago

sfdcfoxsfdcfox

267k13213461

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "459"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f260261%2fdynamic-soql-query-relationship-with-field-visibility-for-users%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

6

By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).

There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.

share|improve this answer

answered 5 hours ago

sfdcfoxsfdcfox

267k13213461

add a comment | 

6

By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).

There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.

share|improve this answer

answered 5 hours ago

sfdcfoxsfdcfox

267k13213461

add a comment | 

By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).

There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.

share|improve this answer

answered 5 hours ago

sfdcfoxsfdcfox

267k13213461

share|improve this answer

answered 5 hours ago

sfdcfoxsfdcfox

267k13213461

answered 5 hours ago

sfdcfoxsfdcfox

267k13213461

answered 5 hours ago

sfdcfoxsfdcfox

267k13213461