FAQ-000127 - Batch Processing Security / Sharing Context and Permissions

Current Status:VALID_RESPONSEErrorUnable to AnswerSuggests Case

Question: Are batch Apex classes invoked from PostInstall classes allowed to use "without sharing"?

Answer: There are conflicting guidelines regarding batch Apex classes invoked from PostInstall classes: **Permissive View**: Yes, batch Apex classes invoked from PostInstall classes are allowed to use "without sharing" if there is a legitimate use case and no security impact. However, it is important to carefully evaluate the necessity of using "without sharing" and ensure proper security measures, such as CRUD/FLS checks, are implemented where applicable. **Restrictive View**: It is not acceptable for a batch Apex class initiated from a PostInstall script to run `without sharing`. All classes performing database operations should explicitly enforce sharing rules by being marked as `with sharing`, unless there is a clear and documented exception (e.g., for community or site applications requiring `without sharing`). **Technical Consideration**: Using `with sharing` on a `Database.Batchable` class prevents it from being created by an install handler because install handlers execute with elevated privileges and do not enforce sharing rules. These elevated privileges are necessary to ensure the installation process completes without being restricted by sharing settings. **Recommendation**: Given the conflicting guidance, it's best to document your specific use case and consult with Salesforce Support or security review guidelines for your particular scenario.

Enhancing FAQ...

Enhancing FAQ with AI recommendations...

Question: Are batch Apex classes invoked from PostInstall classes allowed to use "without sharing"?

Recommended Answer Update: There are conflicting guidelines regarding batch Apex classes invoked from PostInstall classes: **Permissive View**: Yes, batch Apex classes invoked from PostInstall classes are allowed to use "without sharing" if there's a legitimate use case and no security impact. However, it's important to carefully evaluate the necessity of using "without sharing" and ensure proper security measures, such as CRUD/FLS checks, are implemented where applicable. **Restrictive View**: It's not acceptable for a batch Apex class initiated from a PostInstall script to run `without sharing`. All classes performing database operations should explicitly enforce sharing rules by being marked as `with sharing`, unless there's a clear and documented exception (e.g., for community or site applications requiring `without sharing`). **Technical Consideration**: Using `with sharing` on a `Database.Batchable` class prevents it from being created by an install handler because install handlers execute with elevated privileges and don't enforce sharing rules. These elevated privileges are necessary to ensure the installation process completes without being restricted by sharing settings. **Recommendation**: Given the conflicting guidance, it's best to document your specific use case and consult with Salesforce Support or security review guidelines for your particular scenario.

Reasoning: I made minor improvements to enhance readability and conversational tone by: 1) Changing 'There are' to 'There are' (no change needed), 2) Adding contractions ('there's' instead of 'there is', 'it's' instead of 'it is', 'don't' instead of 'do not') to make the tone more conversational per the brand guidelines, 3) Maintained all technical content and structure while improving flow. No content was outdated or incorrect. The ApexSharingViolations rule is directly relevant because this FAQ discusses the use of sharing keywords ('with sharing' vs 'without sharing') in Apex classes, specifically in the context of batch classes invoked from PostInstall scripts. The FAQ's core content about when to use sharing keywords and the security implications directly relates to what the ApexSharingViolations rule detects and prevents.

Reasoning References

Recommended Related Articles

Current FAQ