Dynamic SOQL query relationship with field visibility for UsersAbout salesforce SOQL relationship querySOQL...

How to denote matrix elements succinctly?

What is causing the white spot to appear in some of my pictures

Does tea made with boiling water cool faster than tea made with boiled (but still hot) water?

bldc motor, esc and battery draw, nominal vs peak

can anyone help me with this awful query plan?

Why do games have consumables?

Could the terminal length of components like resistors be reduced?

Don’t seats that recline flat defeat the purpose of having seatbelts?

How come there are so many candidates for the 2020 Democratic party presidential nomination?

How would 10 generations of living underground change the human body?

How to display Aura JS Errors Lightning Out

Are there physical dangers to preparing a prepared piano?

Multiple options vs single option UI

Critique of timeline aesthetic

How can I print the prosodic symbols in LaTeX?

"The cow" OR "a cow" OR "cows" in this context

What are the steps to solving this definite integral?

Converting a sprinkler system's 24V AC outputs to 3.3V DC logic inputs

Aligning equation numbers vertically

Was there a Viking Exchange as well as a Columbian one?

Can an Area of Effect spell cast outside a Prismatic Wall extend inside it?

"Whatever a Russian does, they end up making the Kalashnikov gun"? Are there any similar proverbs in English?

What is the smallest unit of eos?

What term is being referred to with "reflected-sound-of-underground-spirits"?



Dynamic SOQL query relationship with field visibility for Users


About salesforce SOQL relationship querySOQL Can't create USERS relationship?Need help writing test Apex Classeschema.getglobaldescribe needs test classNot able to escape quote in visualforce page?SOQL error with relationshipSOQL for Lookup relationshipSOQL query with inner query doesn't recognize understand the relationshipHow to Pass in an Array of Strings in a Method Parameter in a Test ClassNested Dynamic SOQL Query






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







2















I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?



public with sharing class QuerySelector {

public static List<SObject> dynamicQuerySelector(Set<Id> idSet) {

// check if null

List<SObject> sObjectList = new List<SObject>();

if(idSet.size() > 0)
{
// convert the set to a list
List<Id> idList = new List<Id>(idSet);


Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();
String recObject = String.valueOf(sor.getName());

Set<String> fieldNames = sor.fields.getMap().keySet();

String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';

sObjectList = Database.query(recordQuery);

return sObjectList;
}
return sObjectList;
}
}









share|improve this question





























    2















    I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?



    public with sharing class QuerySelector {

    public static List<SObject> dynamicQuerySelector(Set<Id> idSet) {

    // check if null

    List<SObject> sObjectList = new List<SObject>();

    if(idSet.size() > 0)
    {
    // convert the set to a list
    List<Id> idList = new List<Id>(idSet);


    Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();
    String recObject = String.valueOf(sor.getName());

    Set<String> fieldNames = sor.fields.getMap().keySet();

    String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';

    sObjectList = Database.query(recordQuery);

    return sObjectList;
    }
    return sObjectList;
    }
    }









    share|improve this question

























      2












      2








      2








      I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?



      public with sharing class QuerySelector {

      public static List<SObject> dynamicQuerySelector(Set<Id> idSet) {

      // check if null

      List<SObject> sObjectList = new List<SObject>();

      if(idSet.size() > 0)
      {
      // convert the set to a list
      List<Id> idList = new List<Id>(idSet);


      Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();
      String recObject = String.valueOf(sor.getName());

      Set<String> fieldNames = sor.fields.getMap().keySet();

      String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';

      sObjectList = Database.query(recordQuery);

      return sObjectList;
      }
      return sObjectList;
      }
      }









      share|improve this question














      I created a dynamic SOQL query method and I am curious about what will happen if the user that triggers the code does not have access to the field. Will the entire org start receiving errors?



      public with sharing class QuerySelector {

      public static List<SObject> dynamicQuerySelector(Set<Id> idSet) {

      // check if null

      List<SObject> sObjectList = new List<SObject>();

      if(idSet.size() > 0)
      {
      // convert the set to a list
      List<Id> idList = new List<Id>(idSet);


      Schema.DescribeSObjectResult sor = idList[0].getSobjectType().getDescribe();
      String recObject = String.valueOf(sor.getName());

      Set<String> fieldNames = sor.fields.getMap().keySet();

      String recordQuery = 'SELECT ' + String.join(new List<String>(fieldNames),',') + ' FROM ' + recObject + ' WHERE id in :idSet ';

      sObjectList = Database.query(recordQuery);

      return sObjectList;
      }
      return sObjectList;
      }
      }






      apex soql






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 5 hours ago









      Matthew MetrosMatthew Metros

      513




      513






















          1 Answer
          1






          active

          oldest

          votes


















          6














          By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).



          There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.






          share|improve this answer
























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "459"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f260261%2fdynamic-soql-query-relationship-with-field-visibility-for-users%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            6














            By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).



            There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.






            share|improve this answer




























              6














              By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).



              There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.






              share|improve this answer


























                6












                6








                6







                By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).



                There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.






                share|improve this answer













                By default, Apex can query all fields--even if the user can't see those fields. This can produce a situation where data is leaked to the user that they should not see. No errors or exceptions would occur (other than possibly due to too many fields/LOB fields/etc).



                There's a new beta feature (WITH SECURITY_ENFORCED) to prevent this data leakage, but the tradeoff is that the query will fail with an exception. For this reason, among others, you should not describe an entire object this way, or at minimum, you should check the field's describe calls to see if they are accessible to the current user.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered 5 hours ago









                sfdcfoxsfdcfox

                267k13213461




                267k13213461






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Salesforce Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f260261%2fdynamic-soql-query-relationship-with-field-visibility-for-users%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    El tren de la libertad Índice Antecedentes "Porque yo decido" Desarrollo de la...

                    Castillo d'Acher Características Menú de navegación

                    Connecting two nodes from the same mother node horizontallyTikZ: What EXACTLY does the the |- notation for...