FAQ-000089 - Access Control and Authorization Issues / Access Control Identification and Remediation


Current FAQ

Question
How do I identify and remediate access control vulnerabilities in managed package code?
Answer
To identify and remediate access control vulnerabilities in managed package code, follow these steps:

1. **Explicitly Check CRUD/FLS Permissions**: Ensure your code verifies Create, Read, Update, and Delete (CRUD) and Field-Level Security (FLS) permissions before performing data operations. Use `Schema.sObjectType` to check field accessibility.
2. **Review Code for User Context**: Confirm that operations are executed in the correct user context. Avoid unnecessary system-level permissions and ensure sensitive operations respect user-level access controls.
3. **Avoid Hardcoding Profiles or Roles**: Do not hardcode profile or role names in your logic. Use dynamic checks to prevent failures in multi-language environments or when profiles are renamed.
4. **Secure External Communication**: If your package interacts with external components, implement access control mechanisms. For example, use secure options like the `pubsub` module instead of exposing message channels (`isExposed=true`).
5. **Test for Vulnerabilities**: Use tools like Salesforce Code Analyzer and Source Code Scanner (Checkmarx) to identify access control violations. Address flagged issues and document any false positives with detailed explanations.
6. **Follow Secure Coding Guidelines**: Adhere to Salesforce Secure Code Review Guidance to avoid insecure patterns and implement proper validation mechanisms.
7. **Submit False Positive Documentation**: If certain flagged issues are false positives, document them thoroughly and include this in your security review submission.
8. **Leverage Office Hours**: Schedule technical office hours with the Salesforce Product Security team for tailored guidance on specific vulnerabilities.

By following these practices, you can effectively identify and address access control vulnerabilities in your managed package code.

AI Recommended Enhancement

Related Security Rules

- ApexCRUDViolation
- ApexSharingViolations
- AvoidSecurityEnforcedOldApiVersion
Question
How do I identify and remediate access control vulnerabilities in managed package code?
Recommended Answer Update
To identify and remediate access control vulnerabilities in managed package code, follow these steps:

1. **Explicitly Check CRUD/FLS Permissions**: Ensure your code verifies Create, Read, Update, and Delete (CRUD) and Field-Level Security (FLS) permissions before performing data operations. Use modern approaches like `WITH USER_MODE` for SOQL queries and `AccessLevel.USER_MODE` for Database methods when available, or traditional methods like `Schema.sObjectType` to check field accessibility.
2. **Review Code for User Context**: Confirm that operations are executed in the correct user context. Avoid unnecessary system-level permissions and ensure sensitive operations respect user-level access controls.
3. **Avoid Hardcoding Profiles or Roles**: Don't hardcode profile or role names in your logic. Use dynamic checks to prevent failures in multi-language environments or when profiles are renamed.
4. **Secure External Communication**: If your package interacts with external components, implement access control mechanisms. For example, use secure options like the `pubsub` module instead of exposing message channels (`isExposed=true`).
5. **Test for Vulnerabilities**: Use tools like Salesforce Code Analyzer and Source Code Scanner (Checkmarx) to identify access control violations. Address flagged issues and document any false positives with detailed explanations.
6. **Follow Secure Coding Guidelines**: Adhere to Salesforce Secure Code Review Guidance to avoid insecure patterns and implement proper validation mechanisms.
7. **Submit False Positive Documentation**: If certain flagged issues are false positives, document them thoroughly and include this in your security review submission.
8. **Leverage Office Hours**: Schedule technical office hours with the Salesforce Product Security team for tailored guidance on specific vulnerabilities.

By following these practices, you can effectively identify and address access control vulnerabilities in your managed package code.
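The following Apex class is an added example, not code from the FAQ or from Salesforce; it illustrates points 1 and 2 of both answers above (the current FAQ and the recommended update). The class name `ContactAccessService`, its method names and the custom exception are assumptions chosen for illustration. It assumes an org or package API version where `WITH USER_MODE` and `AccessLevel.USER_MODE` are available, and keeps the traditional `Schema.sObjectType` check alongside them for code that must run on older API versions.

```apex
// Added example (not from the FAQ): enforcing CRUD/FLS and sharing in a
// hypothetical managed-package service that reads and updates Contact records.
// "with sharing" makes the class honour the running user's record-level
// sharing rules (point 2: operate in the user's context).
public with sharing class ContactAccessService {

    // Modern approach for SOQL: WITH USER_MODE enforces the running user's
    // object, field and sharing permissions. A field the user cannot read
    // causes a QueryException instead of silently returning data.
    public static List<Contact> findByEmail(String email) {
        return [SELECT Id, Email, Phone
                FROM Contact
                WHERE Email = :email
                WITH USER_MODE];
    }

    // Modern approach for DML: AccessLevel.USER_MODE makes the Database
    // method enforce CRUD/FLS; a DmlException is raised when the user
    // lacks update access to the object or to a field being written.
    public static Database.SaveResult updatePhone(Id contactId, String phone) {
        Contact c = new Contact(Id = contactId, Phone = phone);
        return Database.update(c, AccessLevel.USER_MODE);
    }

    // Traditional approach: inspect describe results explicitly before
    // touching the data. Use this where USER_MODE is not available.
    public static Boolean canUpdatePhone() {
        Schema.DescribeSObjectResult objDescribe = Contact.sObjectType.getDescribe();
        Schema.DescribeFieldResult fieldDescribe = Schema.sObjectType.Contact.fields.Phone;
        return objDescribe.isUpdateable() && fieldDescribe.isUpdateable();
    }

    // Legacy write path guarded by the explicit check above. Failing closed
    // (throwing) is preferable to silently skipping the write, because the
    // caller can then surface the missing permission to the user.
    public static void updatePhoneLegacy(Id contactId, String phone) {
        if (!canUpdatePhone()) {
            throw new AccessControlException(
                'Insufficient access to update Contact.Phone');
        }
        update new Contact(Id = contactId, Phone = phone);
    }

    // Hypothetical custom exception used to signal a denied operation.
    public class AccessControlException extends Exception {}
}
```

When running Salesforce Code Analyzer against a package, the `updatePhoneLegacy` path is the shape that satisfies the ApexCRUDViolation rule on older API versions, while `findByEmail` and `updatePhone` are the shape the recommended update prefers; keeping the class `with sharing` addresses the ApexSharingViolations rule listed above. Choosing `without sharing` or `inherited sharing` for a specific class should be a deliberate decision documented in the security review submission.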
Reasoning
The main improvement needed was updating the guidance on CRUD/FLS permissions to prioritize modern security enforcement features while maintaining compatibility with existing approaches. The current FAQ content only mentioned traditional Schema.sObjectType checks, but the security approaches guidelines specify that modern features like WITH USER_MODE and AccessLevel.USER_MODE should be lead recommendations. I refined point 1 to include both modern and traditional approaches.

For security rules selection:

- ApexCRUDViolation: This rule directly relates to the FAQ's core focus on CRUD/FLS permission checking mentioned in point 1: 'Ensure your code verifies Create, Read, Update, and Delete (CRUD) and Field-Level Security (FLS) permissions'.
- ApexSharingViolations: This rule connects to point 2's discussion of 'operations executed in the correct user context' and ensuring 'sensitive operations respect user-level access controls'.
- AvoidSecurityEnforcedOldApiVersion: This rule relates to the FAQ's emphasis on following secure coding practices and using modern security approaches mentioned in points 5 and 6.