What is the recommended security pattern for a custom flow action that needs to operate on data the running user may not have access to?
Answer
The recommended security pattern for a custom flow action that operates on data the running user may not have access to is to use invocable Apex methods in a class declared "without sharing". Such a method runs in system context, so it is not restricted by the running user's permissions or sharing rules and can perform the operation the user could not perform directly.
Additionally, for flows, you can use the "system mode without sharing" option (introduced in the Summer '20 update) to let standard flow elements like "Get Records" and "Update Records" operate without needing custom Apex methods.
What is the recommended security pattern for a custom flow action that needs to operate on data the running user may not have access to?
Recommended Answer Update
The recommended security pattern for a custom flow action that operates on data the running user may not have access to is to use invocable Apex methods in a class declared "without sharing". Such a method runs in system context, so it is not restricted by the running user's permissions or sharing rules and can perform the operation the user could not perform directly.
Additionally, for flows, you can use the "system mode without sharing" option (introduced in Summer '20) to let standard flow elements like "Get Records" and "Update Records" operate without needing custom Apex methods.
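The invocable Apex pattern described in the answer above, as an added example that is not part of the original FAQ: the class runs without sharing so a flow can escalate a Case the running user cannot see, but keeps the elevated path narrow (explicit authorization, one object, one field). The custom permission API name 'Can_Escalate_Cases' is an assumption.

```apex
public without sharing class EscalateCaseAction {
    public class Request {
        @InvocableVariable(required=true label='Case Id')
        public Id caseId;
    }
    public class Result {
        @InvocableVariable public Boolean escalated = false;
        @InvocableVariable public String message;
    }

    @InvocableMethod(label='Escalate Case (system context)'
        description='Sets Status to Escalated even when the running user cannot see the Case')
    public static List<Result> escalate(List<Request> requests) {
        // Sharing is bypassed in this class, so authorize the running user explicitly
        // ('Can_Escalate_Cases' is an assumed custom permission API name).
        Boolean allowed = FeatureManagement.checkPermission('Can_Escalate_Cases');

        // Flow expects one result per request, in request order. Only Case Ids are
        // accepted and only one allow-listed field is written, so the flow cannot
        // aim this elevated action at other records or fields.
        List<Result> results = new List<Result>();
        List<Case> toUpdate = new List<Case>();
        for (Request r : requests) {
            Result res = new Result();
            if (!allowed) {
                res.message = 'Running user lacks the Can_Escalate_Cases permission';
            } else if (!isCaseId(r.caseId)) {
                res.message = 'Not a Case Id: ' + r.caseId;
            } else {
                toUpdate.add(new Case(Id = r.caseId, Status = 'Escalated'));
                res.escalated = true;
            }
            results.add(res);
        }

        // All-or-nothing DML: a failure throws and surfaces as a flow fault instead
        // of silently reporting escalated = true for a record that was not updated.
        update toUpdate;
        return results;
    }

    private static Boolean isCaseId(Id recordId) {
        return recordId != null && recordId.getSObjectType() == Case.SObjectType;
    }
}
```

Because the class bypasses sharing, the custom permission check and the Case-only input validation are what keep the action from becoming a general-purpose write path for any flow that can call it.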
Reasoning
The FAQ content is accurate and well-structured, clearly explaining the two primary approaches for handling elevated permissions in flows. No outdated content was detected, and the technical information aligns with current Salesforce practices. The answer appropriately covers both custom Apex solutions and the native Flow system mode option.
For ApexSharingViolations: This rule is directly relevant because the FAQ explicitly discusses using "without sharing" mode in Apex methods for flow actions. The rule detects sharing violations including the use of "without sharing" keywords, making it highly applicable to the technical content being explained in the FAQ.
For PreventPassingUserDataIntoElementWithoutSharing: This rule applies because the FAQ discusses flow elements operating in "without sharing" mode and scenarios where flows bypass user permissions. The rule specifically targets flows that pass user data into elements without sharing enforcement, which directly relates to the security patterns described in the FAQ answer.