FAQ-000131 - Batch Processing Security / Test Context and Permission Handling


Current FAQ

Question
How can I resolve test failures caused by permission context switching in batch class execution?
Answer
To resolve test failures caused by permission context switching in batch class execution, follow these steps:

1. **Check the Sharing Context**: Ensure the batch class is executed in the appropriate sharing context. If the batch class is declared as **"without sharing"**, it will run in system mode, bypassing sharing rules.
2. **Align Parent Class Sharing Rules**: Review the sharing context of the parent class or method invoking the batch class. Ensure it aligns with the intended permission context.
3. **Use "with sharing" if Needed**: If sharing rules need to be enforced, declare the batch class as **"with sharing"**.
4. **Implement CRUD/FLS Checks**: Explicitly include CRUD/FLS checks in the code, even if the batch class runs in system mode, to avoid permission-related issues.
5. **Document the Use Case**: If the issue persists, document the use case and provide a detailed explanation in a false positive document for review during the security process.

These steps should help mitigate permission-related test failures in batch class execution.

AI Recommended Enhancement

Related Security Rules
ApexSharingViolations, ApexCRUDViolation
Question
How can I resolve test failures caused by permission context switching in batch class execution?
Recommended Answer Update
To resolve test failures caused by permission context switching in batch class execution, follow these steps:

1. **Check the Sharing Context**: Ensure the batch class is executed in the appropriate sharing context. If the batch class is declared as **"without sharing"**, it will run in system mode, bypassing sharing rules.
2. **Align Parent Class Sharing Rules**: Review the sharing context of the parent class or method invoking the batch class. Ensure it aligns with the intended permission context.
3. **Use "with sharing" if Needed**: If sharing rules need to be enforced, declare the batch class as **"with sharing"**.
4. **Implement CRUD/FLS Checks**: Use modern permission enforcement approaches like `WITH USER_MODE` for SOQL queries or `AccessLevel.USER_MODE` for Database methods to automatically enforce CRUD/FLS permissions. You can also implement explicit CRUD/FLS checks, even if the batch class runs in system mode, to avoid permission-related issues.
5. **Document the Use Case**: If the issue persists, document the use case and provide a detailed explanation in a false positive document for review during the security process.

These steps should help mitigate permission-related test failures in batch class execution.
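An added example (not part of the original FAQ or any vendor-supplied code) combining steps 3 and 4 with a test that pins the permission context using `System.runAs`, so data setup and batch execution happen as the same user. The class names, the `Standard User` profile, and the use of `Account.Description` are assumptions chosen for illustration; each class goes in its own file.

```apex
// File 1: AccountTouchBatch.cls (hypothetical class name)
// "with sharing" enforces record sharing; USER_MODE adds CRUD/FLS enforcement.
public with sharing class AccountTouchBatch implements Database.Batchable<SObject> {
    public Database.QueryLocator start(Database.BatchableContext bc) {
        // Runs as the submitting user: an unreadable object or field throws
        // instead of being silently returned.
        return Database.getQueryLocator(
            'SELECT Id, Description FROM Account', AccessLevel.USER_MODE);
    }
    public void execute(Database.BatchableContext bc, List<Account> scope) {
        for (Account a : scope) { a.Description = 'Processed'; }
        // allOrNone = true: a CRUD/FLS or sharing failure throws rather than being dropped.
        Database.update(scope, true, AccessLevel.USER_MODE);
    }
    public void finish(Database.BatchableContext bc) {}
}

// File 2: AccountTouchBatchTest.cls (hypothetical class name)
@IsTest
private class AccountTouchBatchTest {
    @IsTest
    static void runsInSubmittingUsersContext() {
        // Assumption: the org has a 'Standard User' profile with Account read/edit.
        Profile p = [SELECT Id FROM Profile WHERE Name = 'Standard User' LIMIT 1];
        User u = new User(
            Alias = 'btest', LastName = 'BatchTester', ProfileId = p.Id,
            Email = 'batch.tester@example.com',
            Username = 'batch.tester.' + System.currentTimeMillis() + '@example.com',
            TimeZoneSidKey = 'GMT', LocaleSidKey = 'en_US',
            EmailEncodingKey = 'UTF-8', LanguageLocaleKey = 'en_US'
        );
        System.runAs(u) {
            // Constructed test data, created and processed as the same user so
            // setup and execution share one permission context.
            Account acct = new Account(Name = 'Constructed Test Account');
            insert acct;
            Test.startTest();
            Database.executeBatch(new AccountTouchBatch());
            Test.stopTest();
            Assert.areEqual('Processed',
                [SELECT Description FROM Account WHERE Id = :acct.Id].Description);
        }
    }
}
```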
Reasoning
The FAQ is well-structured and covers the core concepts accurately. The main improvement needed is in step 4, where the existing advice about implementing CRUD/FLS checks can be enhanced to prioritize modern permission enforcement features. I updated the language to lead with `WITH USER_MODE` for SOQL and `AccessLevel.USER_MODE` for Database methods, while preserving the existing advice about explicit checks as an alternative approach. This aligns with the security approaches guidelines that recommend prioritizing modern features while maintaining that legacy approaches remain valid. No other changes were needed as the content accurately addresses permission context switching in batch classes. I selected ApexSharingViolations because this FAQ directly discusses sharing contexts ("with sharing", "without sharing") and sharing rule enforcement in batch classes. I selected ApexCRUDViolation because the FAQ explicitly mentions implementing CRUD/FLS checks to avoid permission-related issues in batch execution.