Introducing new AccessLevel.withPermissionSetId() method in #SalesforceWinter24Release

This new Developer Preview feature lets you specify custom access, using permission sets, for user mode database operations.

The new method allows database and search operations to run with the permissions specified in a permission set, making it easier to enforce field-level security (FLS) and object permissions in Apex code.

Here are the key details you need to know:

This feature is available in scratch orgs where the ApexUserModeWithPermset feature is enabled.

If the feature is not enabled, Apex code with this feature can be compiled but not executed.

For the Developer Preview, you can run the AccessLevel.withPermissionSetId() method with a specified permission set ID.

Specific user mode DML operations performed with the specified AccessLevel respect the permissions in the specified permission set.

Previously, you could choose to run DML operations in user mode, enforcing the FLS and object permissions of the running user.

Here's an example of how you can use this new feature:

@isTest
public with sharing class ElevateUserModeOperations_Test {
    @isTest
    static void objectCreatePermViaPermissionSet() {
        // Create a user with a specific profile
        Profile p = [SELECT Id FROM Profile WHERE Name='Minimum Access - Salesforce'];
        User u = new User(Alias = 'standt', Email='standarduser@testorg.com',
            EmailEncodingKey='UTF-8', LastName='Testing', LanguageLocaleKey='en_US',
            LocaleSidKey='en_US', ProfileId = p.Id,
            TimeZoneSidKey='America/Los_Angeles',
            UserName='standarduser' + DateTime.now().getTime() + '@testorg.com');

        // Run the operations as the minimum-access user created above
        System.runAs(u) {
            // Try to insert an account without the necessary permission
            try {
                Database.insert(new Account(name='foo'), AccessLevel.User_mode);
                Assert.fail();
            } catch (SecurityException ex) {
                Assert.isTrue(ex.getMessage().contains('Account'));
            }

            // Get the ID of the permission set to be used
            Id permissionSetId = [Select Id from PermissionSet
                where Name = 'AllowCreateToAccount' limit 1].Id;

            // Insert an account with the specified permission set
            Database.insert(new Account(name='foo'), AccessLevel.User_mode.withPermissionSetId(permissionSetId));

            // The elevated access level does not persist to subsequent operations
            try {
                Database.insert(new Account(name='foo2'), AccessLevel.User_mode);
                Assert.fail('permset leaked');
            } catch (SecurityException ex) {
                Assert.isTrue(ex.getMessage().contains('Account'));
            }
        }
    }
}

Note: This example shows how to use the AccessLevel.withPermissionSetId() method to insert an Account record with the permissions of a specified permission set, and that the added access applies only to the call that uses it.
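
The same call outside a test, as an added example (not from the original post or the Salesforce documentation): the permission set is resolved from a name fixed in code rather than from caller input, and the method fails closed when it is missing. The class ScopedAccountWriter and its exception type are hypothetical; AllowCreateToAccount is the permission set name used in the test above.

```apex
// Added example: hypothetical service class, not part of the original post.
public with sharing class ScopedAccountWriter {
    // Hypothetical exception type for this example.
    public class ScopedDmlException extends Exception {}

    // Permission set name taken from the test above; fixed in code so a caller
    // cannot choose which permission set widens the operation.
    private static final String PERMSET_NAME = 'AllowCreateToAccount';

    public static Id createAccount(String accountName) {
        // Resolve the permission set; a missing one stops the operation
        // instead of falling back to a broader access level.
        List<PermissionSet> sets = [SELECT Id FROM PermissionSet
            WHERE Name = :PERMSET_NAME LIMIT 1];
        if (sets.isEmpty()) {
            throw new ScopedDmlException('Permission set not found: ' + PERMSET_NAME);
        }

        // User mode plus the permissions of this one permission set,
        // applied to this single call only.
        AccessLevel scoped = AccessLevel.USER_MODE.withPermissionSetId(sets[0].Id);
        try {
            Database.SaveResult result =
                Database.insert(new Account(Name = accountName), scoped);
            return result.getId();
        } catch (SecurityException ex) {
            // As in the test above, user mode DML without the needed object or
            // field permissions raises SecurityException.
            throw new ScopedDmlException(
                'Insert blocked by object or field permissions: ' + ex.getMessage());
        }
    }
}
```

Every other DML statement in the transaction still needs its own access level, since the test above shows the permission set does not carry over to later operations.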


Documentation Link - https://help.salesforce.com/s/articleView?id=release-notes.rn_apex_User_Mode_PermSets.htm&release=246&type=5


Posted By: Sudeer Kamat