You are here:
How Does Apex Class Security Work?
Limit which users can execute methods in a particular top-level Apex class based on their profiles or an associated permission set. This technique lets you apply granular security to Apex operations in your org.
Required Editions
| Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience |
| Available in: Performance, Unlimited, Developer, Enterprise, and Database.com Editions |
You can set Apex class security via:
- The Apex class list page
- An Apex class detail page
- Permission sets
- Profiles
These permissions apply only to any Apex class methods(including web service methods) used in
a custom Visualforce controller or controller extension that’s applied to a Visualforce page.
In contrast, triggers always fire on trigger events (such as insert or update), regardless of a user’s
permissions.
global
or for classes that contain methods declared as webService.If users have the Author Apex permission, they can access all Apex classes in the associated organization, regardless of the security settings for individual classes.
Permission for an Apex class is checked only at the top level. For example, class A calls class B. User X has a profile that can access class A but not class B. User X can execute the code in class B, but only through class A; user X cannot invoke class B directly. Likewise, if a Visualforce page uses a custom component with an associated controller, security is only checked for the controller associated with the page. The controller associated with the custom component executes regardless of permissions.
- Set Apex Class Access from the Class List Page
Limit which users can execute methods in a particular top-level Apex class based on their profiles. - Set Apex Class Access from the Class Detail Page
Limit which users can execute methods in a particular top-level Apex class based on their profiles. - Set Apex Class Access from Permission Sets
You can specify which methods in a top-level Apex class are executable for a permission set. - Set Apex Class Access from Profiles
Specify which methods in a top-level Apex class are executable for a profile. - Create Apex Sharing Reasons
When creating Apex managed sharing, create Apex sharing reasons for individual custom objects to indicate why sharing was implemented. - Recalculate Apex Managed Sharing
Developers can write batch Apex classes that recalculate the Apex managed sharing for a specific custom object.
