When is it acceptable to bypass CRUD/FLS checks on Custom Settings and system objects like PushTopic?
Answer
It is acceptable to bypass CRUD/FLS checks in the following situations:
**Custom Settings**: Bypassing CRUD/FLS checks is acceptable because Custom Settings are controlled by profile-level permissions and do not inherently require these checks. However, performing CRUD/FLS checks on them is not an issue if desired.
**System Objects**: Exceptions to CRUD/FLS checks may apply in specific cases, such as:
- Accessing metadata fields or objects with unique security policies
- Objects like PushTopic that are inherently designed to bypass such checks due to their system-level nature
**Documentation Requirements**: These exceptions should be documented and justified as part of the AppExchange security review, ensuring that the use case aligns with Salesforce's security guidelines.
When is it acceptable to bypass CRUD/FLS checks on Custom Settings and system objects like PushTopic?
Recommended Answer Update
It is acceptable to bypass CRUD/FLS checks in the following situations:
**Custom Settings**: Bypassing CRUD/FLS checks is acceptable because Custom Settings are controlled by profile-level permissions and don't inherently require these checks. However, performing CRUD/FLS checks on them isn't an issue if desired.
**System Objects**: Exceptions to CRUD/FLS checks may apply in specific cases, such as:
- Accessing metadata fields or objects with unique security policies
- Objects like PushTopic that are inherently designed to bypass such checks due to their system-level nature
**Documentation Requirements**: These exceptions should be documented and justified as part of the AppExchange security review, ensuring that the use case aligns with Salesforce's security guidelines.
Reasoning
The FAQ content is accurate and well-structured. I made minor improvements for clarity and conversational tone: changed 'do not inherently require' to 'don't inherently require' and 'is not an issue' to 'isn't an issue' to follow the conversational style guidelines. These changes make the text more natural while preserving all existing information and technical accuracy.
I selected the ApexCRUDViolation rule because it directly relates to the FAQ's core topic of CRUD/FLS bypass justification. The FAQ explains when it's acceptable to bypass CRUD/FLS checks on Custom Settings and system objects like PushTopic, which is exactly what developers need to understand to handle ApexCRUDViolation rule violations appropriately. The FAQ content provides guidance on legitimate exceptions to CRUD/FLS enforcement that would help developers determine when ApexCRUDViolation findings can be justified versus when they need to be addressed.
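How the exceptions described in the FAQ can be recorded in code next to a path where no exception applies, as an added example that is not part of the original FAQ or of Salesforce's own code. The custom setting `Integration_Config__c`, its field `Endpoint__c`, the topic name, the API version and the class and method names are hypothetical.

```apex
// Added example. Integration_Config__c, Endpoint__c, 'AccountUpdates' and all
// class/method names are hypothetical placeholders.
public with sharing class CrudFlsExceptionsExample {

    // Regular business data: no exception applies, so CRUD/FLS is enforced
    // by the query itself and again on the returned records.
    public static List<Account> readAccounts() {
        List<Account> rows = [SELECT Id, Name FROM Account WITH SECURITY_ENFORCED LIMIT 50];
        return (List<Account>) Security.stripInaccessible(AccessType.READABLE, rows).getRecords();
    }

    // Exception: Custom Setting written without CRUD/FLS checks.
    // Justification for the security review: app configuration stored in a
    // Custom Setting, which is controlled by profile-level permissions.
    @SuppressWarnings('PMD.ApexCRUDViolation')
    public static void saveEndpoint(String endpoint) {
        Integration_Config__c cfg = Integration_Config__c.getOrgDefaults();
        cfg.Endpoint__c = endpoint;
        upsert cfg;
    }

    // Exception: PushTopic queried and inserted without CRUD/FLS checks.
    // Justification for the security review: system object used only to
    // register a streaming channel; no subscriber data is written here.
    @SuppressWarnings('PMD.ApexCRUDViolation')
    public static Id ensureAccountTopic() {
        List<PushTopic> existing =
            [SELECT Id FROM PushTopic WHERE Name = 'AccountUpdates' LIMIT 1];
        if (!existing.isEmpty()) {
            return existing[0].Id;
        }
        PushTopic topic = new PushTopic(
            Name = 'AccountUpdates',
            Query = 'SELECT Id, Name FROM Account',
            ApiVersion = 58.0, // constructed value
            NotifyForOperationCreate = true,
            NotifyForOperationUpdate = true,
            NotifyForFields = 'Referenced'
        );
        insert topic;
        return topic.Id;
    }
}
```

Keeping each suppression at method scope, with its justification in the adjacent comment, lets the same text be reused in the AppExchange security review documentation and leaves the rest of the class subject to the ApexCRUDViolation rule.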