FAQ-000094 - Access Control and Authorization Issues / Object-Level Access Controls

Object-level access checks should be implemented by verifying the user's permissions before performing any operations on the object. The most effective approach is to use `WITH USER_MODE` in your SOQL queries, which automatically enforces object-level permissions: ```apex List<SObject> records = [SELECT Id, Name FROM Account WHERE Id = :recordId WITH USER_MODE]; ``` Alternatively, you can use the `Schema.DescribeSObjectResult` class to check if the user has access to the object: ```apex Schema.DescribeSObjectResult objectDesc = Schema.getGlobalDescribe().get(objectType).getDescribe(); if (!objectDesc.isAccessible()) { throw new IllegalArgumentException('User does not have permission to access this object'); } ``` This ensures that the user has the necessary permissions to access the object before executing any queries or operations involving the `recordId` passed from client-side components.

The existing answer is technically correct but doesn't align with modern best practices for object-level access control. Per the security approaches guidelines, modern features like `WITH USER_MODE` should be prioritized over legacy manual permission checking approaches. The current answer only shows the manual approach, which while valid, is not the recommended modern method. I've updated the answer to lead with `WITH USER_MODE` while preserving the existing manual checking approach as an alternative. This maintains all original information while improving guidance to follow current best practices. For the ApexCRUDViolation rule selection: This rule directly relates to the FAQ's core topic of implementing object-level access checks in Apex code. The FAQ specifically discusses 'verifying the user's permissions before performing any operations on the object' and shows code examples using 'Schema.DescribeSObjectResult' to check object accessibility - this is exactly what the ApexCRUDViolation rule is designed to detect and prevent when missing.