What are the approved patterns for handling system context vs user context in flow actions?
Answer
Approved patterns for handling system context versus user context in flow actions in Salesforce include:
1. **Guest Users**:
- When the "Secure Guest User Record Access" setting is enabled, standard flow actions like "Get Records" and "Update Records" may fail due to restricted access.
- To handle this, use invocable Apex methods running DML operations in "without sharing" mode to securely perform these actions.
2. **System Mode for Flows**:
- Since the Summer '20 update, flows can run in a mode that bypasses user permissions, effectively running in system mode without sharing. This allows standard flow actions like "Get Records" and "Update Records" to work for guest users without needing custom Apex actions.
3. **Authenticated Users**:
- For authenticated users, standard flow actions remain valid as the platform supports Read/Write access to records.
These patterns ensure secure and compliant handling of system and user contexts in flow actions.
What are the approved patterns for handling system context vs user context in flow actions?
Recommended Answer Update
Approved patterns for handling system context versus user context in flow actions in Salesforce include:
1. **Guest Users**:
- When the "Secure Guest User Record Access" setting is enabled, standard flow actions like "Get Records" and "Update Records" may fail due to restricted access.
- To handle this, use invocable Apex methods running DML operations in "without sharing" mode to securely perform these actions.
2. **System Mode for Flows**:
- Since the Summer '20 update, flows can run in a mode that bypasses user permissions, effectively running in system mode without sharing. This allows standard flow actions like "Get Records" and "Update Records" to work for guest users without needing custom Apex actions.
3. **Authenticated Users**:
- For authenticated users, standard flow actions remain valid as the platform supports Read/Write access to records.
These patterns ensure secure and compliant handling of system and user contexts in flow actions.
Reasoning
The existing content is accurate and well-structured, so no changes to the answer content were needed. The FAQ appropriately explains the different contexts (guest vs authenticated users) and the approved patterns for handling each scenario. The information about Summer '20 system mode for flows and the use of 'without sharing' Apex methods aligns with current Salesforce capabilities and security best practices.
For security rules selection:
1. **ApexSharingViolations**: This rule is directly relevant because the FAQ discusses using Apex methods in "without sharing" mode, which is exactly what this rule monitors. The FAQ content specifically mentions "use invocable Apex methods running DML operations in 'without sharing' mode" which relates to sharing violations that this rule would detect.
2. **ApexCRUDViolation**: This rule applies because the FAQ discusses data access patterns through "Get Records" and "Update Records" operations, which involve CRUD operations that this rule monitors for proper security enforcement.
3. **PreventPassingUserDataIntoElementWithoutSharing**: This flow-specific rule is highly relevant since the FAQ is specifically about flow actions and discusses scenarios where flows run "without sharing" or bypass user permissions. The FAQ content about system mode flows and guest user handling directly relates to this rule's purpose.
4. **PreventPassingUserDataIntoElementWithSharing**: This complementary flow rule is also relevant as it covers the other side of the security equation - ensuring proper handling when sharing rules should be enforced. The FAQ's discussion of authenticated users and standard flow actions relates to this rule's monitoring scope.