FAQ-001016 - Flow Security and System Mode / Custom Flow Actions Security

Custom flow actions in Salesforce cannot conditionally bypass FLS and sharing enforcement based on the parent flow context. All custom actions, whether public or private, must implement proper CRUD, field-level security (FLS), and record-level (with sharing) access checks to comply with security standards. Bypassing these enforcement mechanisms is not allowed. However, there are conflicting perspectives on this topic. Some guidance suggests that custom Apex actions can conditionally bypass FLS and sharing checks when called from a Flow running in system context, but this should be done cautiously and only in specific scenarios where necessary, such as implementing secure guidelines for Guest Users or handling objects with custom security policies. It's important to document these exceptions and ensure that sensitive fields are excluded from queries and not exposed to the UI or client-side logic. If you need further clarification on this topic, consider opening a case with Salesforce Support for definitive guidance. For implementation details on enforcing security in Apex, see [Apex Security and Sharing](https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_security_sharing_chapter.htm).

The FAQ content is accurate and comprehensive, discussing the security requirements for custom flow actions. I made one minor improvement by adding a reference to the Apex Security and Sharing guide at the end to provide readers with authoritative implementation guidance. Regarding security rules selected: 1. **ApexCRUDViolation** - This rule directly relates to the FAQ's discussion of "proper CRUD...access checks" that custom flow actions must implement. The FAQ explicitly mentions CRUD enforcement as a requirement. 2. **ApexSharingViolations** - This rule is highly relevant to the FAQ's core discussion about "sharing enforcement" and "record-level (with sharing) access checks" that custom actions must implement. The FAQ specifically addresses sharing check requirements. 3. **PreventPassingUserDataIntoElementWithoutSharing** - This flow-specific rule relates to the FAQ's discussion of Flow security contexts and the caution needed when "custom Apex actions can conditionally bypass FLS and sharing checks when called from a Flow running in system context." 4. **PreventPassingUserDataIntoElementWithSharing** - This complementary flow rule also relates to the Flow security context scenarios discussed in the FAQ, providing coverage for both sharing enforcement approaches in Flow elements.