FAQ-001024 - Flow Security and System Mode / Flow vs Apex Security Models

Security requirements for Apex classes and Flow security models differ in their approach: - **Apex Classes**: Require explicit enforcement of CRUD (Create, Read, Update, Delete) and FLS (Field-Level Security) checks. Developers must programmatically implement these checks, especially when running in system mode, to prevent unauthorized data access or updates. Modern approaches like `WITH USER_MODE` in SOQL queries and `AccessLevel.USER_MODE` in Database methods automatically handle these security checks. - **Flows**: Rely on the platform's built-in sharing settings and permissions. Flows typically operate in user mode, respecting the user's permissions and sharing rules by default. However, when configured to run in system mode, extra care is needed to ensure sensitive data isn't exposed or modified without proper authorization. Both models focus on validating data access and adhering to security best practices, but Apex classes demand more manual intervention to enforce these controls.

I made minimal improvements to enhance clarity and modernize the content slightly. The main changes were: 1) Added mention of modern Apex security approaches (`WITH USER_MODE` and `AccessLevel.USER_MODE`) as per the security approaches guidelines, while preserving the existing content about manual checks, 2) Changed 'is not' to 'isn't' for a more conversational tone per the brand guide, and 3) Minor wording refinements for better flow. All original points and structure were preserved. For the related security rules: ApexCRUDViolation directly relates to the FAQ's discussion of 'explicit enforcement of CRUD checks' in Apex classes. ApexSharingViolations connects to the content about 'sharing settings and permissions' and running code 'in system mode' where sharing rules need consideration. PreventPassingUserDataIntoElementWithoutSharing relates to the Flow portion discussing 'system mode' execution and preventing 'sensitive data' exposure. PreventPassingUserDataIntoElementWithSharing complements this by covering the user mode scenarios mentioned in the Flows section.