When is it appropriate to use SYSTEM_MODE versus USER_MODE for custom settings operations?
Answer
Using **SYSTEM_MODE** for custom settings operations is appropriate when the business logic requires bypassing user permissions. For example:
- When guest users cannot be assigned Create/Update permissions.
- When granular sharing rules are not applicable.
However, even in SYSTEM_MODE, it's recommended to implement CRUD checks to maintain security.
On the other hand, use **USER_MODE** when enforcing user permissions is necessary. It respects the user's access rights and ensures compliance with CRUD/FLS checks.
Recommended Answer Update
Use **SYSTEM_MODE** for custom settings operations when business logic requires bypassing user permissions. For example:
- When guest users can't be assigned Create/Update permissions
- When granular sharing rules aren't applicable
Even in SYSTEM_MODE, it's recommended to implement CRUD checks to maintain security.
Use **USER_MODE** when enforcing user permissions is necessary. It respects the user's access rights and ensures compliance with CRUD/FLS checks.
Reasoning
The original answer had minor wording that could be improved for clarity and conciseness while maintaining all original points and information. Changes made: 1) Simplified 'cannot be assigned' to 'can't be assigned' for more conversational tone, 2) Changed 'are not applicable' to 'aren't applicable' for consistency with conversational style, 3) Removed 'However' and 'On the other hand' transitions to make the text more direct and scannable. No technical content was changed - all security concepts and recommendations remain identical.
For ApexCRUDViolation: This rule is directly relevant because the FAQ discusses implementing CRUD checks in SYSTEM_MODE operations. The FAQ specifically mentions 'it's recommended to implement CRUD checks to maintain security' which aligns with this rule's purpose of detecting missing CRUD validation.
For ApexSharingViolations: This rule applies because the FAQ discusses SYSTEM_MODE vs USER_MODE for custom settings, and mentions 'granular sharing rules are not applicable' as a consideration. The FAQ's guidance on when to bypass vs enforce user permissions directly relates to sharing violations that this rule detects.
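The guidance above as an added Apex example (not code from the original FAQ): one path writes a custom setting in USER_MODE, the other writes it in SYSTEM_MODE behind an explicit CRUD check. The hierarchy custom setting `App_Config__c`, its field `Feature_Enabled__c`, and the class and exception names are hypothetical.

```apex
// Added illustration. App_Config__c, Feature_Enabled__c, AppConfigWriter and
// ConfigAccessException are hypothetical names, not taken from the FAQ.
public with sharing class AppConfigWriter {

    public class ConfigAccessException extends Exception {}

    // USER_MODE: the platform enforces the running user's permissions on the
    // DML itself and throws if they are missing, so no manual check is needed.
    public static void saveAsUser(Boolean enabled) {
        App_Config__c cfg = loadOrgDefaults(enabled);
        if (cfg.Id == null) {
            Database.insert(cfg, AccessLevel.USER_MODE);
        } else {
            Database.update(cfg, AccessLevel.USER_MODE);
        }
    }

    // SYSTEM_MODE: the DML ignores the running user's permissions, so the
    // CRUD check the FAQ recommends is made explicitly before writing.
    public static void saveAsSystem(Boolean enabled) {
        App_Config__c cfg = loadOrgDefaults(enabled);
        Boolean isNew = (cfg.Id == null);
        Schema.DescribeSObjectResult d = Schema.sObjectType.App_Config__c;
        Boolean allowed = isNew ? d.isCreateable() : d.isUpdateable();
        if (!allowed) {
            throw new ConfigAccessException(
                'Running user lacks ' + (isNew ? 'create' : 'update') +
                ' access to App_Config__c');
        }
        if (isNew) {
            Database.insert(cfg, AccessLevel.SYSTEM_MODE);
        } else {
            Database.update(cfg, AccessLevel.SYSTEM_MODE);
        }
    }

    // getOrgDefaults() returns an empty record (null Id) when no org-level
    // value exists yet; in that case the record is prepared for insert.
    private static App_Config__c loadOrgDefaults(Boolean enabled) {
        App_Config__c cfg = App_Config__c.getOrgDefaults();
        if (cfg.Id == null) {
            cfg.SetupOwnerId = UserInfo.getOrganizationId();
        }
        cfg.Feature_Enabled__c = enabled;
        return cfg;
    }
}
```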