FAQ-000406 - Community and Experience Cloud Security / User Permissions and Profile Management

When community profiles have limited object access, here's how you can manage user permissions effectively: 1. **Use Permission Sets**: Instead of modifying profiles, assign permission sets to provide additional permissions to specific users. This allows for more granular control. 2. **Enforce Security in Code**: Implement proper security checks in your code: - Use `WITH USER_MODE` in SOQL queries to automatically enforce CRUD and FLS - Use `AccessLevel.USER_MODE` with Database methods for automatic permission enforcement - For manual checks, use `Schema.sObjectType` and `describeFieldResult` methods to verify object and field accessibility 3. **Verify Accessibility Programmatically**: Use `Schema.sObjectType` and `describeFieldResult` methods in your code to verify object and field accessibility. These practices help maintain proper access control and align with security best practices.

The original answer mentions 'CRUD and FLS checks' in a somewhat generic way without highlighting the modern, preferred approaches. Based on the security approaches guidelines, I should prioritize modern features like `WITH USER_MODE` and `AccessLevel.USER_MODE` while keeping the existing manual check approaches as valid alternatives. I restructured point 2 to lead with the modern approaches while preserving the existing Schema methods approach. This maintains all original information while making the guidance more current and actionable. I selected ApexCRUDViolation because the FAQ discusses implementing CRUD and FLS checks in code, which is exactly what this rule validates - it ensures developers properly check object and field permissions before performing operations. I selected ApexSharingViolations because the FAQ addresses user permission management in community contexts where sharing violations are a common concern, and this rule helps detect when code bypasses proper sharing rules enforcement.