FAQ-000120 - Batch Processing Security / CRUD and FLS Enforcement

It's acceptable for a batch Apex job to bypass CRUD/FLS checks in specific scenarios, such as: 1. **Custom Objects/Fields**: Accessing custom objects or fields that aren't directly accessible to users via CRUD/FLS. 2. **System Operations**: Modifying system metadata or logs. 3. **Aggregation Operations**: Creating roll-up summaries or aggregates that don't directly expose data. 4. **System User Operations**: Operations on records within a batch job that runs as a system user, as such operations are performed in system mode. These exceptions should be documented and justified as part of your AppExchange security review submission. However, it's recommended to ensure your logic follows secure coding practices and that any exceptions are properly documented.

I made minor language improvements to enhance clarity and readability without changing the content or structure. Changed 'It is acceptable' to 'It's acceptable' for conversational tone, 'are not' to 'aren't' and 'do not' to 'don't' for consistency with brand voice guidelines that recommend using contractions. Also changed 'the logic' to 'your logic' to make it more direct and user-focused as per the writing style guidelines. The FAQ content remains complete and accurate. I selected the ApexCRUDViolation rule because this FAQ directly discusses scenarios where bypassing CRUD/FLS checks in batch Apex jobs is acceptable. The rule detects violations of CRUD/FLS security, and this FAQ provides guidance on when such bypasses are legitimate exceptions during AppExchange security review. The FAQ's mention of 'Custom Objects/Fields', 'System Operations', 'Aggregation Operations', and 'System User Operations' as acceptable bypass scenarios directly relates to understanding when ApexCRUDViolation rule violations might be justified.