FAQ-000091 - Access Control and Authorization Issues / Authorization Design Patterns


Current FAQ

Question
What are the recommended design patterns for implementing authorization and access control within an application?
Answer
The recommended design patterns for implementing authorization and access control within an application include:

1. **Enforce CRUD/FLS**: Always enforce Create, Read, Update, and Delete (CRUD) and Field-Level Security (FLS) permissions for all operations. Because an upsert may either insert or update a record, check both `isCreateable()` and `isUpdateable()` on the object and on every field being written before the DML runs.
2. **Use "With Sharing" or "Inherited Sharing" Classes**: Use "with sharing" so that queries and DML respect the running user's record-level sharing. Where a class is called from both sharing and non-sharing contexts, "inherited sharing" applies the sharing mode of the caller (and defaults to "with sharing" when entered directly, for example from a Lightning component).
3. **Custom Authorization Logic**: Where the platform's object, field and record permissions are not fine-grained enough, implement a custom authorization model, keeping the access-control logic specific and easy to reason about. Validate the user's roles and permissions before every sensitive operation, not only at the entry point.
4. **Guest User Access**: For Experience Cloud sites or other guest-user scenarios, document which records and fields the guest user needs, grant no more than that, and still enforce CRUD/FLS and sharing in the code. Follow Salesforce's recommended patterns for guest user record access.
5. **OAuth Scopes and Permissions**: When using OAuth, request only the minimum scopes necessary. Keep tokens and secrets out of Apex source: store them in protected custom settings or protected custom metadata, or let a Named Credential hold the credential so that the code never sees it.
6. **Avoid "Without Sharing" Unless Justified**: If a "without sharing" class is genuinely required (for example a duplicate check against records the user cannot see), keep it as narrow as possible and add explicit access-control checks so that it cannot be used to read or modify records the caller is not entitled to.
7. **Static Resources and Secure Endpoints**: Serve scripts and styles from Static Resources rather than from external URLs, and ensure all callouts use HTTPS. Do not build endpoint URLs from untrusted input.
8. **Access Control Validation**: Regularly review and validate the access-control logic, especially for operations involving sensitive data or elevated privileges, and cover the negative cases (a user without the permission is refused) in unit tests.

These patterns ensure robust and secure access control within your application.
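The following is an added example written for this FAQ; it is not code from the original page or from Salesforce. It shows points 1, 2 and 6 of the answer above in the traditional describe-based style: a `with sharing` service that checks object CRUD and FLS for both the create and the update half of an upsert, rejects fields it was never meant to write, and delegates one narrow duplicate check to a deliberately `without sharing` inner class that returns only a Boolean. The class name, the allowed-field set and the Lightning (`@AuraEnabled`) entry point are assumptions for illustration.

```apex
// Added example (not from the page or Salesforce). Assumes a Lightning component upserts Contacts
// through this service; ContactUpsertService and ALLOWED_FIELDS are illustrative choices.
public with sharing class ContactUpsertService {

    // Fields this service is willing to write; anything else is rejected before DML.
    // Keys are lowercase because Schema field maps are keyed by lowercase API name.
    private static final Set<String> ALLOWED_FIELDS =
        new Set<String>{ 'firstname', 'lastname', 'email', 'phone' };

    @AuraEnabled
    public static List<Id> upsertContacts(List<Contact> records) {
        Schema.DescribeSObjectResult objDescribe = Schema.SObjectType.Contact;
        Map<String, Schema.SObjectField> fieldMap = objDescribe.fields.getMap();

        // Object-level CRUD. An upsert may insert or update, so the caller needs both.
        if (!objDescribe.isCreateable() || !objDescribe.isUpdateable()) {
            throw new AuraHandledException('Insufficient object permissions on Contact.');
        }

        for (Contact c : records) {
            for (String fieldName : c.getPopulatedFieldsAsMap().keySet()) {
                String key = fieldName.toLowerCase();
                if (key == 'id') {
                    continue; // Id only selects the row to update; it is never written.
                }
                if (!ALLOWED_FIELDS.contains(key)) {
                    throw new AuraHandledException('Field not accepted by this service: ' + fieldName);
                }
                // Field-level security, again for both create and update.
                Schema.DescribeFieldResult f = fieldMap.get(key).getDescribe();
                if (!f.isCreateable() || !f.isUpdateable()) {
                    throw new AuraHandledException('Insufficient field permissions on Contact.' + fieldName);
                }
            }
            // The duplicate check runs without sharing because the user may not see the existing
            // Contact, but it returns only a Boolean, so no hidden record data reaches the caller.
            if (c.Id == null && c.Email != null && new SystemContext().emailExists(c.Email)) {
                throw new AuraHandledException('A Contact with this email already exists.');
            }
        }

        // The enclosing "with sharing" makes the update half of the upsert respect record sharing:
        // an Id the user cannot edit fails with a DmlException instead of being silently updated.
        upsert records;

        List<Id> ids = new List<Id>();
        for (Contact c : records) {
            ids.add(c.Id);
        }
        return ids;
    }

    // Deliberately without sharing, and deliberately narrow: one query, one Boolean, no records out.
    private without sharing class SystemContext {
        public Boolean emailExists(String email) {
            return [SELECT COUNT() FROM Contact WHERE Email = :email LIMIT 1] > 0;
        }
    }
}
```

The two describe checks are the piece most often forgotten: checking only `isUpdateable()` lets a user who may edit but not create Contacts insert new ones by omitting the Id, and checking only `isCreateable()` does the reverse. The `without sharing` helper illustrates point 6: elevation is acceptable when the elevated code cannot be steered to other data (the query is fixed) and cannot return it.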

AI Recommended Enhancement

Related Security Rules

- ApexCRUDViolation
- ApexSharingViolations
- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInVarAssign
- AvoidHardcodedCredentialsInVarDecls
- ApexInsecureEndpoint
- ApexSuggestUsingNamedCred
Question
What are the recommended design patterns for implementing authorization and access control within an application?
Recommended Answer Update
The recommended design patterns for implementing authorization and access control within an application include:

1. **Enforce CRUD/FLS**: Always enforce Create, Read, Update, and Delete (CRUD) and Field-Level Security (FLS) permissions for all operations. Prefer the platform-enforced forms: `WITH USER_MODE` on SOQL queries and `AccessLevel.USER_MODE` on `Database` methods, which check object permissions, every referenced field and record sharing in one place and fail closed. The traditional describe checks remain valid; for an upsert they must cover both `isCreateable()` and `isUpdateable()`, since the operation may insert or update.
2. **Use "With Sharing" or "Inherited Sharing" Classes**: Use "with sharing" so that queries and DML respect the running user's record-level sharing. Where a class is called from both sharing and non-sharing contexts, "inherited sharing" applies the sharing mode of the caller (and defaults to "with sharing" when entered directly, for example from a Lightning component).
3. **Custom Authorization Logic**: Where the platform's object, field and record permissions are not fine-grained enough, implement a custom authorization model, keeping the access-control logic specific and easy to reason about. Validate the user's roles and permissions before every sensitive operation, not only at the entry point.
4. **Guest User Access**: For Experience Cloud sites or other guest-user scenarios, document which records and fields the guest user needs, grant no more than that, and still enforce CRUD/FLS and sharing in the code. Follow Salesforce's recommended patterns for guest user record access.
5. **OAuth Scopes and Permissions**: When using OAuth, request only the minimum scopes necessary. Keep tokens and secrets out of Apex source: store them in protected custom settings or protected custom metadata, or let a Named Credential hold the credential so that the code never sees it.
6. **Avoid "Without Sharing" Unless Justified**: If a "without sharing" class is genuinely required (for example a duplicate check against records the user cannot see), keep it as narrow as possible and add explicit access-control checks so that it cannot be used to read or modify records the caller is not entitled to.
7. **Static Resources and Secure Endpoints**: Serve scripts and styles from Static Resources rather than from external URLs, and ensure all callouts use HTTPS. Do not build endpoint URLs from untrusted input.
8. **Access Control Validation**: Regularly review and validate the access-control logic, especially for operations involving sensitive data or elevated privileges, and cover the negative cases (a user without the permission is refused) in unit tests.

These patterns ensure robust and secure access control within your application.
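The following is an added example written for this FAQ; it is not code from the original page or from Salesforce. It shows the user-mode form of point 1 together with points 2, 4, 5 and 7 of the updated answer: an `inherited sharing` service whose upsert and queries are enforced by the platform (`AccessLevel.USER_MODE`, `WITH USER_MODE`, `Database.queryWithBinds`) rather than by hand-written describe calls, a guest-user gate on the write path, and a separate callout class that relies on a Named Credential so that no token or `http://` URL appears in Apex. The class names, the Named Credential name `ERP_Api` and its URL path are assumptions for illustration; in a real org the two classes are separate files.

```apex
// Added example (not from the page or Salesforce). ContactService, ErpClient and the Named
// Credential "ERP_Api" are illustrative names assumed for this example.
public inherited sharing class ContactService {

    @AuraEnabled
    public static List<Id> upsertContacts(List<Contact> records) {
        // Point 4: unauthenticated site visitors never reach this write path.
        if (UserInfo.getUserType() == 'Guest') {
            throw new AuraHandledException('Not available to guest users.');
        }
        try {
            // AccessLevel.USER_MODE: the platform checks object CRUD, FLS on every populated
            // field, and record sharing for rows being updated. Nothing per field to forget.
            List<Database.UpsertResult> results = Database.upsert(records, AccessLevel.USER_MODE);
            List<Id> ids = new List<Id>();
            for (Database.UpsertResult r : results) {
                ids.add(r.getId());
            }
            return ids;
        } catch (DmlException e) {
            // Keep the platform message server-side: it names the fields the user cannot access.
            System.debug(LoggingLevel.WARN, e.getMessage());
            throw new AuraHandledException('Contact could not be saved.');
        }
    }

    @AuraEnabled(cacheable=true)
    public static List<Contact> findByEmail(String email) {
        // WITH USER_MODE fails closed: a QueryException if any selected field is not readable
        // by the running user, and only rows visible under sharing come back.
        // The bind variable also rules out SOQL injection.
        return [SELECT Id, FirstName, LastName, Email
                FROM Contact
                WHERE Email = :email
                WITH USER_MODE];
    }

    @AuraEnabled(cacheable=true)
    public static List<Contact> findByLastName(String lastName) {
        // Dynamic SOQL: user mode is selected by the AccessLevel argument, and the value
        // still travels as a bind, never by string concatenation.
        String soql = 'SELECT Id, FirstName, LastName FROM Contact WHERE LastName = :lastName';
        return Database.queryWithBinds(
            soql, new Map<String, Object>{ 'lastName' => lastName }, AccessLevel.USER_MODE);
    }
}

// Points 5 and 7: the Named Credential holds the OAuth token and the HTTPS base URL, so the
// class contains no secret and cannot be pointed at a plaintext endpoint.
public with sharing class ErpClient {
    public class ErpException extends Exception {}

    // "ERP_Api" is an assumed Named Credential; the path after it is fixed in code.
    private static final String CONTACTS_ENDPOINT = 'callout:ERP_Api/v1/contacts/';

    public static String fetchContact(String externalId) {
        HttpRequest req = new HttpRequest();
        // Encode the only caller-controlled part so it cannot add path segments or query strings.
        req.setEndpoint(CONTACTS_ENDPOINT + EncodingUtil.urlEncode(externalId, 'UTF-8'));
        req.setMethod('GET');
        req.setTimeout(10000);
        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() != 200) {
            throw new ErpException('ERP returned HTTP ' + res.getStatusCode());
        }
        return res.getBody();
    }
}
```

Compared with the describe-based approach, user mode moves the authorization decision into the platform and makes it impossible to skip a field; the remaining responsibilities of the code are the ones the platform cannot know about: who may call the method at all (the guest gate), what message reaches the client on failure, and where the credentials for outbound calls live.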
Reasoning
The main improvement needed was in point #1 regarding CRUD/FLS enforcement. The original answer only mentioned legacy methods like `isUpdateable()` and `isCreateable()`. Following the security approaches guidelines, I prioritized modern features by leading with `WITH USER_MODE` for SOQL queries and `AccessLevel.USER_MODE` for Database methods, while still acknowledging that traditional approaches remain valid. This modernizes the guidance while preserving all existing information.

Regarding security rules associations:

- ApexCRUDViolation: Directly relates to point #1 about enforcing CRUD/FLS permissions for all operations
- ApexSharingViolations: Relates to points #2 and #6 about using "with sharing"/"inherited sharing" classes and avoiding "without sharing" unless justified
- AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInVarAssign, AvoidHardcodedCredentialsInVarDecls: Relate to point #5 about storing sensitive tokens and secrets securely rather than hardcoding them
- ApexInsecureEndpoint: Relates to point #7 about ensuring all callouts use HTTPS and avoiding insecure endpoints
- ApexSuggestUsingNamedCred: Relates to point #5 about OAuth and secure credential storage, as named credentials are a recommended secure approach