FAQ-000119 - Batch Processing Security / CRUD and FLS Enforcement

Current FAQ

Question
What is the correct syntax and implementation for isDeletable() checks in batch processing scenarios?
Answer
To implement the `isDeletable()` check in batch processing scenarios, you should explicitly verify the user's permission to delete records before performing any delete operation. Here's the correct implementation:

```apex
global class BatchDeleteExample implements Database.Batchable<sObject> {
    global Database.QueryLocator start(Database.BatchableContext BC) {
        return Database.getQueryLocator('SELECT Id FROM YourObject__c');
    }

    global void execute(Database.BatchableContext BC, List<sObject> scope) {
        // Object-level (CRUD) delete check before any DML on this chunk.
        if (Schema.sObjectType.YourObject__c.isDeletable()) {
            delete scope;
        } else {
            System.debug('User does not have delete permissions for YourObject__c.');
        }
    }

    global void finish(Database.BatchableContext BC) {
        System.debug('Batch process completed.');
    }
}
```

### Key Points:

1. **Permission Check**: The `isDeletable()` method checks if the user has delete permissions for the object.
2. **Conditional Deletion**: If the user has the required permissions, the delete operation is executed on the batch scope.
3. **Fallback Handling**: If the user lacks permissions, the operation is skipped, and a debug message is logged.
4. **Finish Method Implementation**: In finish methods, use the **PermissionManager** to verify if the user has delete permissions on the relevant object, especially when the delete operation involves custom settings or records that could impact other users.

This ensures compliance with CRUD/FLS security requirements during batch processing.

AI Recommended Enhancement

Related Security Rules
ApexCRUDViolation
Question
What is the correct syntax and implementation for isDeletable() checks in batch processing scenarios?
Recommended Answer Update
To implement the `isDeletable()` check in batch processing scenarios, you should explicitly verify the user's permission to delete records before performing any delete operation. Here's the correct implementation:

```apex
global class BatchDeleteExample implements Database.Batchable<sObject> {
    global Database.QueryLocator start(Database.BatchableContext BC) {
        return Database.getQueryLocator('SELECT Id FROM YourObject__c');
    }

    global void execute(Database.BatchableContext BC, List<sObject> scope) {
        // Object-level (CRUD) delete check before any DML on this chunk.
        if (Schema.sObjectType.YourObject__c.isDeletable()) {
            delete scope;
        } else {
            System.debug('User does not have delete permissions for YourObject__c.');
        }
    }

    global void finish(Database.BatchableContext BC) {
        System.debug('Batch process completed.');
    }
}
```

### Key Points:

1. **Permission Check**: The `isDeletable()` method checks if the user has delete permissions for the object.
2. **Conditional Deletion**: If the user has the required permissions, the delete operation is executed on the batch scope.
3. **Fallback Handling**: If the user lacks permissions, the operation is skipped, and a debug message is logged.
4. **Finish Method Implementation**: In finish methods, verify if the user has delete permissions on the relevant object when the delete operation involves custom settings or records that could impact other users.

This ensures compliance with CRUD/FLS security requirements during batch processing.
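
The pattern in both answers above, taken one step further as an added example (not part of the FAQ or of any Salesforce sample): the batch describes the sObject type actually present in `scope` instead of hard-coding it, and uses `Database.Stateful` so that skipped and failed records are reported in `finish()` rather than only logged per chunk. The class name `SafeBatchDelete`, its counters, and the constructor-supplied query (assumed to be a trusted, developer-written string) are hypothetical.

```apex
// Added example; SafeBatchDelete and its fields are hypothetical names.
public class SafeBatchDelete implements Database.Batchable<sObject>, Database.Stateful {
    private final String soql;   // assumption: trusted, developer-written query
    private Integer deleted = 0; // counters survive across chunks (Stateful)
    private Integer skipped = 0;
    private Integer failed = 0;

    public SafeBatchDelete(String soql) {
        this.soql = soql;
    }

    public Database.QueryLocator start(Database.BatchableContext bc) {
        return Database.getQueryLocator(soql);
    }

    public void execute(Database.BatchableContext bc, List<sObject> scope) {
        if (scope.isEmpty()) {
            return;
        }
        // Describe the type actually in scope rather than hard-coding it.
        Schema.DescribeSObjectResult d = scope[0].getSObjectType().getDescribe();
        if (!d.isDeletable()) {
            skipped += scope.size(); // no delete permission: count, do not delete
            return;
        }
        // allOrNone = false: one bad record does not roll back the chunk.
        List<Database.DeleteResult> results = Database.delete(scope, false);
        for (Integer i = 0; i < results.size(); i++) {
            if (results[i].isSuccess()) {
                deleted++;
            } else {
                failed++;
                System.debug(LoggingLevel.ERROR,
                    scope[i].Id + ': ' + results[i].getErrors()[0].getMessage());
            }
        }
    }

    public void finish(Database.BatchableContext bc) {
        // One summary line so a permission gap is visible in the job outcome.
        System.debug(LoggingLevel.WARN,
            'deleted=' + deleted + ' skipped=' + skipped + ' failed=' + failed);
    }
}
```

A non-zero `skipped` count in the summary means the job ran for a user without delete permission on the object, which the per-chunk debug message in the FAQ's version does not aggregate.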
Reasoning
The FAQ content is generally accurate and well-structured. I made one minor improvement to the fourth key point by removing the vague reference to 'PermissionManager' which is not a standard Salesforce class and could be confusing. The updated text maintains the same meaning while using clearer wording that doesn't reference an undefined class. For security rule selection: I selected ApexCRUDViolation because this FAQ directly teaches developers how to implement CRUD (delete) permission checks in Apex batch processing. The FAQ's entire focus is on using Schema.sObjectType.isDeletable() to verify delete permissions before performing delete operations, which directly addresses the type of CRUD violations that the ApexCRUDViolation rule detects. The code example shows proper permission checking with 'if (Schema.sObjectType.YourObject__c.isDeletable())' and the key points emphasize 'Permission Check' and 'compliance with CRUD/FLS security requirements' - all of which align with preventing CRUD violations.