FAQ-000469 - Custom Settings and Configuration Security / Package Development and Managed Package Considerations

Current Status: VALID_RESPONSE

Current FAQ

Question
Is it secure to allow subscribers to modify Custom Metadata Type records included in a managed package?
Answer
Allowing subscribers to modify Custom Metadata Type records included in a managed package can pose security risks. Public Custom Metadata Types are accessible and modifiable by the org admin and potentially by other packages or untrusted code within the subscriber org. To ensure security, it's recommended to use Protected Custom Metadata Types. These restrict access and modifications to the managed package's code, preventing unauthorized changes. If subscribers need to update records, you should implement a secure mechanism like a custom UI or API endpoint with proper access controls. If custom metadata isn't accessible, you can use protected custom settings as an alternative. This allows subscribers to modify configuration data securely. You'd need to create a custom UI (using Visualforce, Aura, or LWC) to capture the subscriber's input and pass it to an Apex class within the managed package for secure storage.
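
A sketch of the Apex entry point the answer describes, added here as an example and not taken from the FAQ or from any real package. The protected hierarchy custom setting `Protected_Config__c`, its field `Endpoint_URL__c`, and the custom permission `Manage_Package_Config` are hypothetical names.

```apex
// Added example. Protected_Config__c, Endpoint_URL__c and Manage_Package_Config
// are hypothetical names; replace them with the package's own components.
public with sharing class PackageConfigController {
    // Hypothetical custom permission shipped with the package and assigned
    // by the subscriber admin to the users allowed to change configuration.
    private static final String EDIT_PERMISSION = 'Manage_Package_Config';

    // Allow-list for the single value subscribers may set: an https URL.
    private static final String ENDPOINT_REGEX =
        '^https://[A-Za-z0-9.-]+(:[0-9]{1,5})?(/[A-Za-z0-9._~/-]*)?$';

    // Called from the package's custom UI (Visualforce, Aura, or LWC).
    @AuraEnabled
    public static void saveEndpoint(String endpointUrl) {
        // Callers with access to this class can invoke the method directly,
        // so authorization is enforced here and not only in the UI.
        if (!FeatureManagement.checkPermission(EDIT_PERMISSION)) {
            throw new AuraHandledException('You are not allowed to change this setting.');
        }

        // Validate before storing: reject empty, oversized, or non-https input.
        if (String.isBlank(endpointUrl)
                || endpointUrl.length() > 255
                || !Pattern.matches(ENDPOINT_REGEX, endpointUrl)) {
            throw new AuraHandledException('Enter a valid https:// URL.');
        }

        // The protected setting is written only by package code; subscriber
        // code outside the package namespace has no direct access to it.
        Protected_Config__c cfg = Protected_Config__c.getOrgDefaults();
        if (cfg.Id == null) {
            // No org-level record yet: create it at the organization level.
            cfg.SetupOwnerId = UserInfo.getOrganizationId();
        }
        cfg.Endpoint_URL__c = endpointUrl;
        upsert cfg;
    }
}
```

The method exposes one validated field, not a generic key/value writer, so the UI cannot be used to overwrite other protected configuration.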

AI Recommended Enhancement

Related Security Rules
ApexCRUDViolation, ApexSharingViolations
Question
Is it secure to allow subscribers to modify Custom Metadata Type records included in a managed package?
Recommended Answer Update
Allowing subscribers to modify Custom Metadata Type records included in a managed package can pose security risks. Public Custom Metadata Types are accessible and modifiable by the org admin and potentially by other packages or untrusted code within the subscriber org. To ensure security, it's recommended to use Protected Custom Metadata Types. These restrict access and modifications to the managed package's code, preventing unauthorized changes. If subscribers need to update records, you should implement a secure mechanism like a custom UI or API endpoint with proper access controls. If custom metadata isn't accessible, you can use protected custom settings as an alternative. This allows subscribers to modify configuration data securely. You'll need to create a custom UI (using Visualforce, Aura, or LWC) to capture the subscriber's input and pass it to an Apex class within the managed package for secure storage.
Reasoning
The FAQ content is technically accurate and well-structured. The only minor adjustment needed is changing the contraction 'You'd' to 'You'll' to align with the writing style guidelines that prefer natural, conversational contractions but maintain consistency throughout the text. This improves readability without changing the technical content.

Regarding security rules selection:

1. **ApexCRUDViolation** - This rule is highly relevant because the FAQ discusses secure mechanisms for allowing subscribers to update configuration data. The FAQ specifically mentions implementing 'custom UI or API endpoint with proper access controls' and creating Apex classes for 'secure storage.' These implementation approaches directly relate to CRUD operations that need proper security validation, which is exactly what the ApexCRUDViolation rule addresses.
2. **ApexSharingViolations** - This rule applies because the FAQ discusses access restrictions and the security concerns of allowing modifications by 'other packages or untrusted code within the subscriber org.' The recommendation to use 'Protected Custom Metadata Types' that 'restrict access and modifications to the managed package's code' directly relates to sharing and access control concepts that the ApexSharingViolations rule covers.