FAQ-000095 - Access Control and Global Components / Alternatives to Global Access

When protected or private visibility can't be used for business reasons, consider these alternative approaches: **For Managed Packages:** 1. **Use Public Access Modifier**: The `public` modifier restricts visibility to within the namespace of the package, ensuring components aren't callable outside the namespace while maintaining functionality. 2. **Carefully Design Package Interfaces**: Expose only necessary components while maintaining functionality to balance security and usability. **For Lightning Components:** 1. **Set Access to Private or Public**: For Lightning components in managed packages, set the access value to either `Private` or `Public` within the namespace to restrict access to the intended scope. 2. **Avoid Init Function DML**: Avoid using the `init` function in components that contain DML operations to enhance security. **For Sensitive Data Management:** 1. **Protected Custom Settings or Metadata**: Store sensitive data in protected custom settings or metadata to ensure it's only accessible within the managed package. Build custom UI to capture subscriber input and pass to Apex classes for storage. 2. **Named Credentials**: Allow you to package metadata and configuration while enabling subscribers to set up credentials after installation. 3. **Data Encryption**: Encrypt sensitive data using AES-256 or higher, and securely store encryption keys in locations inaccessible to unauthorized users. **For Access Control:** 1. **Custom Permissions**: Assign these to specific users or groups to control access to certain functionalities. 2. **Field-Level Security (FLS) Checks**: Use `WITH USER_MODE` in SOQL queries or `AccessLevel.USER_MODE` in Database methods to automatically enforce FLS, or implement manual checks using methods like `isAccessible()` for field-level access validation. 3. **CRUD Checks**: Ensure users can only access or modify records they're authorized to by using `WITH USER_MODE` in SOQL queries, `AccessLevel.USER_MODE` in Database methods, or manual authorization checks like `isUpdateable()` and `isCreateable()`. 4. **Sharing Rules and Org-Wide Defaults**: Enforce sharing rules and org-wide defaults in Apex code to manage record access. **Security Best Practices:** 1. **Avoid Logging Sensitive Data**: Ensure sensitive information like access tokens or API keys isn't written to debug logs. 2. **OAuth Tokens**: Use OAuth tokens instead of session IDs for authentication and authorization. 3. **Secure Third-Party Integrations**: Store credentials securely using vendor-provided keychains, keystores, or encrypted storage mechanisms. These approaches help maintain security of sensitive data while addressing business needs and release constraints.

The FAQ content is generally solid but needs minor updates for technical accuracy and modern security practices. Key changes made: 1) Updated encryption recommendation from AES-128 to AES-256 to reflect current security standards and align with ApexBadCrypto rule expectations for strong encryption. 2) Enhanced the FLS and authorization sections to prioritize modern WITH USER_MODE and AccessLevel.USER_MODE approaches while preserving existing manual check methods, following the security approaches guidelines. 3) Consolidated redundant authorization methods under clearer CRUD and FLS categories. 4) Minor wording improvements for clarity ("aren't" instead of "are not", "isn't" for better readability). The selected security rules directly relate to the FAQ content: ApexCRUDViolation relates to the CRUD checks section, ApexSharingViolations connects to sharing rules enforcement, ApexSuggestUsingNamedCred corresponds to the Named Credentials recommendation, the hardcoded credentials rules (AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInVarDecls, AvoidHardcodedCredentialsInVarAssign) relate to secure credential storage practices discussed, ApexBadCrypto applies to the data encryption guidance, ProtectSensitiveData connects to sensitive data management approaches, and AvoidApiSessionId relates to the OAuth tokens recommendation.