FAQ-000574 - Custom Settings and Configuration Security / User Permissions and Access Control

To avoid requiring broad permissions for users to save configuration data, consider these alternatives: 1. **Protected Custom Settings**: Create a custom UI using Visualforce, Aura, or LWC to capture user input. Pass this input to an Apex class within the managed package for secure storage in protected custom settings, ensuring only authorized users can access or modify the data. 2. **Protected Custom Metadata**: Use protected custom metadata for securely storing configuration data, especially if you already have metadata-related code. Ensure proper implementation, even for subscriber-owned secrets. 3. **Named Credentials**: Package metadata and configuration using named credentials, allowing subscribers to set up the actual credentials post-installation. This approach minimizes the exposure of sensitive data. These methods help maintain security while reducing the need for broad permissions.

The FAQ content is accurate and well-structured, requiring no significant changes. The answer effectively addresses the question about alternatives to broad permissions for configuration data storage. I'm recommending five security rules that directly relate to the configuration data security practices discussed: 1. **ApexSuggestUsingNamedCred**: This rule directly applies to the FAQ's third recommendation about using named credentials for packaging metadata and configuration. The FAQ explicitly mentions named credentials as a method to minimize exposure of sensitive data, which aligns perfectly with this rule's purpose of suggesting named credentials usage. 2. **AvoidHardcodedCredentialsInFieldDecls**: This rule relates to the FAQ's overall theme of secure configuration data storage. The FAQ discusses alternatives that avoid exposing sensitive configuration data, which includes avoiding hardcoded credentials in field declarations. 3. **AvoidHardcodedCredentialsInVarAssign**: This rule connects to the FAQ's emphasis on secure storage of configuration data. The alternatives presented (protected custom settings, protected custom metadata, named credentials) all help avoid hardcoding credentials in variable assignments. 4. **AvoidHardcodedCredentialsInVarDecls**: Similar to the above, this rule applies to the FAQ's guidance on secure configuration storage. The recommended approaches help prevent hardcoding credentials in variable declarations. 5. **ProtectSensitiveData**: This rule broadly applies to the entire FAQ content, which focuses on protecting sensitive configuration data through secure storage methods. The FAQ's recommendations for protected custom settings, protected custom metadata, and named credentials all serve to protect sensitive data from unauthorized access.