FAQ-001473 - Permission Set Security / Broad Permission Justification

Current FAQ

Question
When are viewAllRecord and modifyAllRecord permissions acceptable in permission sets?
Answer
ViewAllRecord and ModifyAllRecord permissions in permission sets are acceptable only when assigned to users with specific and justified roles that require such broad access. These permissions must be carefully reviewed to ensure they are necessary for the intended functionality and do not pose a security risk. Proper access control should be in place, and the permissions should be checked against the caller or user context to validate their use.
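
One way to run the review described in the answer, as an added example that is not part of the original FAQ: scan a permission set's metadata XML for the `viewAllRecords` and `modifyAllRecords` flags under `objectPermissions` and report every grant that has no recorded justification. The sample permission set, the `Support_Agent` name and the `JUSTIFIED` register are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"sf": "http://soap.sforce.com/2006/04/metadata"}
BROAD = ("viewAllRecords", "modifyAllRecords")

# Constructed sample permission set metadata (not taken from the FAQ).
SAMPLE_PERMSET = """<PermissionSet xmlns="http://soap.sforce.com/2006/04/metadata">
    <label>Support Agent</label>
    <objectPermissions>
        <allowRead>true</allowRead>
        <modifyAllRecords>true</modifyAllRecords>
        <object>Case</object>
        <viewAllRecords>true</viewAllRecords>
    </objectPermissions>
    <objectPermissions>
        <allowRead>true</allowRead>
        <modifyAllRecords>false</modifyAllRecords>
        <object>Invoice__c</object>
        <viewAllRecords>true</viewAllRecords>
    </objectPermissions>
    <objectPermissions>
        <allowRead>true</allowRead>
        <modifyAllRecords>false</modifyAllRecords>
        <object>Account</object>
        <viewAllRecords>false</viewAllRecords>
    </objectPermissions>
</PermissionSet>"""

# Hypothetical justification register: (permission set, object, permission) -> reason.
JUSTIFIED = {
    ("Support_Agent", "Case", "viewAllRecords"): "Tier-2 agents triage every queue",
}

def unjustified_broad_access(permset_name, xml_text, justified=JUSTIFIED):
    """Return sorted (object, permission) pairs that are enabled but not in the register."""
    root = ET.fromstring(xml_text)
    findings = []
    for op in root.findall("sf:objectPermissions", NS):
        obj = op.findtext("sf:object", default="", namespaces=NS)
        for perm in BROAD:
            value = op.findtext(f"sf:{perm}", default="false", namespaces=NS)
            if value.strip().lower() == "true" and (permset_name, obj, perm) not in justified:
                findings.append((obj, perm))
    return sorted(findings)

if __name__ == "__main__":
    for obj, perm in unjustified_broad_access("Support_Agent", SAMPLE_PERMSET):
        print(f"Support_Agent: {perm} on {obj} has no recorded justification")
```
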

AI Recommended Enhancement

Related Security Rules
ApexCRUDViolation, ApexSharingViolations
Question
When are viewAllRecord and modifyAllRecord permissions acceptable in permission sets?
Recommended Answer Update
ViewAllRecord and ModifyAllRecord permissions in permission sets are acceptable only when assigned to users with specific and justified roles that require such broad access. These permissions must be carefully reviewed to ensure they're necessary for the intended functionality and don't pose a security risk. Proper access control should be in place, and the permissions should be validated against the caller or user context to ensure appropriate use.
Reasoning
I made minor refinements to improve clarity and tone while preserving all original content and meaning. Changed 'do not pose a security risk' to 'don't pose a security risk' for a more conversational tone, and refined 'checked against' to 'validated against' for clearer language. The phrase 'to validate their use' was simplified to 'to ensure appropriate use' for better readability. These changes align with the brand guidelines to be more conversational while maintaining the technical accuracy and completeness of the original answer.

For security rules selected:
- ApexCRUDViolation: This rule directly relates to the FAQ's discussion of broad record access permissions. The FAQ addresses when 'viewAllRecord and modifyAllRecord permissions' are acceptable, which are exactly the types of broad CRUD permissions that this rule helps identify and flag in code.
- ApexSharingViolations: This rule is relevant because the FAQ discusses permissions that bypass normal sharing rules ('viewAllRecord and modifyAllRecord'). The FAQ's guidance about ensuring 'proper access control should be in place' and validating permissions 'against the caller or user context' directly relates to sharing rule enforcement that this rule addresses.