When you develop a managed package that contains or reads custom metadata types and records, be aware of the access rules.
|Available in: both Salesforce Classic and Lightning Experience|
|Available in: Professional, Enterprise, Performance, Unlimited, Developer, and Database.com Editions |
Professional Edition orgs can create, edit, and delete custom metadata records only from types in installed packages.
The packaging access rules govern which orgs can read, update, or delete custom metadata records. It is assumed that the custom metadata types are public.
- An admin in the org developing the package can create a custom metadata record in their own package regardless of the location of its corresponding type. If they add the new record to the package, it’s deployed to the subscriber org.
- No one can create a custom metadata record in an installed managed package using the Metadata API. You can, however, create an unpackaged record using a Metadata API callout, even from managed code. Managed installed code needs a remote site setting configured to execute all callouts.
- If a field of a custom metadata type is upgradeable, the record creator can change the field value for that record in the creator’s own org and upload a new version of the package, even if a different org created the type. If the record is in a managed package, these changes are propagated to the subscriber org when they upgrade to a new version.
- If a field is subscriber controlled, both the record creator and a subscriber can change the value in their own org. If the record is in a managed package, the new field value is propagated only to new package subscribers. Existing subscribers that upgrade to the latest version of the package do not get the new field value.
- You can delete protected managed released records in the org in which they were created, even if the corresponding type was created in a different org. When subscribers upgrade, the records are deleted from the subscriber org. You can never delete public managed released records.
- SOQL queries in your Apex code can view custom metadata records only if exactly one of the following conditions is true.
- The records are public.
- Your Apex code is in the same package as the custom metadata type.
- Your Apex code is in the same package as the record.
- Metadata API callouts behave as if they’re being executed by subscriber org code. As a result, a callout can view or change all records created by the subscriber org, although it can only view or change public records of installed managed packages. Configure a remote site setting to the subscriber’s Metadata API endpoint to use the Metadata API in the subscriber’s org.