FAQ-001495 - Permission Set Security / Permission Validation and Querying

To query a user's assigned permission sets without needing administrative permissions, you can use the `PermissionSetAssignment` object with `WITH USER_MODE` to enforce field-level security and sharing rules automatically. Here's an example query: ```sql SELECT PermissionSetId, PermissionSet.Name FROM PermissionSetAssignment WHERE AssigneeId = :userId WITH USER_MODE ``` Replace `:userId` with the specific user's ID. The `WITH USER_MODE` clause ensures the query respects the current user's permissions and access controls.

The original answer correctly explains how to query PermissionSetAssignment but lacks modern security enforcement. Following the security approaches guidelines, I updated the answer to prioritize the modern `WITH USER_MODE` approach over relying on manual permission checks. This change makes the code more secure by default while requiring less manual validation code. I selected ApexCRUDViolation because this FAQ directly deals with querying Salesforce objects (PermissionSetAssignment and PermissionSet) where proper CRUD permissions must be enforced. The rule detects when Apex code performs database operations without proper permission checks, which is exactly what this FAQ is teaching developers to do correctly. I selected ApexSharingViolations because the FAQ content involves querying user permission data, which is subject to sharing rules and access controls. The answer demonstrates how to query user assignments while respecting sharing boundaries, which directly relates to this rule's purpose of detecting when sharing rules are not properly enforced in database operations.