Can I control the visibility of objects and fields based on a license check purely on the client-side?
Answer
No, you cannot control the visibility of objects and fields based on a license check purely on the client-side in Salesforce. Visibility and access control should be enforced on the server-side using appropriate CRUD/FLS checks and sharing rules to ensure security and compliance with organizational settings. Relying solely on client-side checks can lead to potential security vulnerabilities.
Recommended Answer Update
No, you can't control the visibility of objects and fields based on a license check purely on the client-side in Salesforce. Visibility and access control must be enforced on the server-side using appropriate CRUD/FLS checks and sharing rules to ensure security and compliance with organizational settings. Relying solely on client-side checks creates potential security vulnerabilities.
Reasoning
The original answer contained minor wording issues that needed refinement for clarity and directness. Changed 'cannot' to 'can't' for a more conversational tone per brand guidelines. Changed 'should be enforced' to 'must be enforced' to emphasize the security requirement more strongly. Updated 'can lead to' to 'creates' for more direct language about security risks. These changes preserve all original points while improving clarity and following the conversational tone guidelines.
Regarding security rules:
- ApexCRUDViolation: This rule directly relates to the FAQ's discussion of 'appropriate CRUD/FLS checks' mentioned in the answer. The FAQ emphasizes that server-side CRUD/FLS enforcement is required rather than client-side visibility control, which aligns with this rule's purpose of detecting missing CRUD/FLS validations in Apex code.
- ApexSharingViolations: This rule connects to the FAQ's mention of 'sharing rules' as part of proper server-side access control. The FAQ discusses enforcing access control through sharing rules rather than client-side checks, which directly relates to this rule's focus on proper sharing enforcement in Apex.
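
The server-side enforcement the answer describes, sketched in Apex as an added example (not code from this FAQ or from Salesforce). The namespace `acme`, the object `Invoice__c` and its fields are hypothetical; the class combines a license check, a CRUD check, FLS stripping and a sharing declaration, the kinds of checks the two rules above concern.

```apex
// Added example. 'acme', Invoice__c, Amount__c and Discount_Code__c are hypothetical.
// 'with sharing' makes the query respect the running user's record-level sharing.
public with sharing class LicensedInvoiceController {

    // Called from a Lightning component. The component may hide UI for
    // unlicensed users, but this method decides what data leaves the server.
    @AuraEnabled(cacheable=true)
    public static List<Invoice__c> getInvoices() {
        // License check on the server: a modified client cannot skip it.
        if (!UserInfo.isCurrentUserLicensed('acme')) {
            throw new AuraHandledException('This feature requires a license.');
        }

        // CRUD: can the running user read this object at all?
        if (!Schema.sObjectType.Invoice__c.isAccessible()) {
            throw new AuraHandledException('Insufficient access to invoices.');
        }

        List<Invoice__c> rows = [
            SELECT Id, Name, Amount__c, Discount_Code__c
            FROM Invoice__c
            ORDER BY CreatedDate DESC
            LIMIT 200
        ];

        // FLS: remove any field the running user cannot read before returning.
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, rows);
        return (List<Invoice__c>) decision.getRecords();
    }
}
```

A component that only hides the invoice panel for unlicensed users would still receive the data if this method skipped the checks, since the response is readable in the browser regardless of what the UI renders.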