          Access Rules When Packaging Custom Metadata Types and Records


          Understand the access rules when you develop a managed package that contains or reads custom metadata types and records.

          Required Editions

          Available in: Salesforce Classic and Lightning Experience

          Protected custom metadata types in managed packages are available in: Developer Edition and scratch orgs

          Package uploads and installs are available in Group, Enterprise, Performance, Unlimited, and Developer Editions

          Create, edit, and delete custom metadata type records from installed packages are available in Group and Professional Editions

          When you create a custom metadata type, the package type and the Visibility field determine whether the custom metadata type is public or private. You can create protected custom metadata types only in a developer or scratch org, and they are then deployed in a managed package.

          When a custom metadata type is package-level protected using 2GP, its records are accessible only from code within that managed package. The subscriber and other packages, even those within the same namespace, can’t access the custom metadata type or its records. A 2GP can only be created through the Salesforce DX command-line interface (SFDX CLI).

          To enable package-level protection for a custom metadata type, set the Visibility field to PackageProtected declaratively, or using Metadata API.

          When a custom metadata type is namespace protected, code that’s in the same namespace as the custom metadata types can read the records. Code that’s in a namespace that doesn’t contain either the type or the protected record can’t read the protected records. To set the accessibility of a package as namespace protected, set the Visibility field to Protected declaratively, or using Metadata API.

          Warning: Protected custom metadata types behave like public custom metadata types when they’re outside of a managed package. Public custom metadata types are readable for all profiles, including the guest user. Don’t store secrets, personally identifying information, or any private data in these records. Use protected custom metadata types only in managed packages. Outside of a managed package, use named credentials or encrypted custom fields to store secrets like OAuth tokens, passwords, and other confidential material.

          When a type is public, you can’t convert it to protected. The subscriber can’t create records of a protected type.

          If you change a type from protected to public, its protected records remain protected, and all other records become public. If you use Setup to create a record on a protected type, Protected Component is selected by default.

          After a managed package is released, subsequent versions of the package can be changed to a less restrictive protection level. For example, a package protected custom metadata type can be re-released as namespace protected. However, you can’t change the protection level to be more restrictive after it has been released in a managed package.

          Entity / Accessibility

          Package Creator Org
          • Admins in the org developing the package can create a custom metadata record in their own package, regardless of the location of the record’s corresponding type. If an admin adds the record to the package, the record is deployed to the subscriber org.
          • Package creator orgs can delete protected managed released records in the org in which they were created, even if the corresponding type was created in a different org. When subscribers upgrade, the records are deleted from the subscriber org.

          Metadata API Callout
          Metadata API callouts behave as if they’re executed by the subscriber org code. As a result, someone can use a callout to view or change all records created by the subscriber org. However, the callout is used only to view or change the public records of installed managed packages. Configure a remote site setting to the subscriber’s Metadata API endpoint to use the Metadata API in the subscriber’s org.

          Metadata in Apex
          Metadata in Apex callouts behave as if they’re executed by subscriber org code. As a result, someone can use a callout to view or change all records created by the subscriber org. The callout can be used to view or change the public and protected records of installed managed packages.

          Record Creator
          • When you create a protected custom metadata record in your org, only your code, code from unmanaged packages, and code from the same namespace can access the record.
          • Record creators can create an unpackaged record using a Metadata API callout, even from managed code. Managed-installed code needs a remote site setting configured to execute all callouts. However, creators and subscribers can’t create a custom metadata record in an installed managed package using the Metadata API.
          • If a field of a custom metadata type is upgradeable, the record creator can change the record’s field value in the creator’s own org. Then, the record creator can upload a new version of the package, even if a different org created the type. If the record is in a managed package, these changes are propagated to the subscriber org when the org upgrades to a new version.
          • If a field is subscriber controlled, subscribers can also change the value in their own org. If the record is in a managed package, the new field value is propagated only to new package subscribers. Existing subscribers that upgrade to the latest version of the package don’t get the new field value.

          Subscriber Org
          If a field is subscriber controlled, subscribers can also change the value in their own org. If the record is in a managed package, the new field value is propagated only to new package subscribers. Existing subscribers that upgrade to the latest version of the package don’t get the new field value.

          SOQL Queries in Apex

          You can use SOQL queries in your Apex code to view a custom metadata record only if at least one of the following conditions is true.

          • The record is public.
          • Your Apex code is in the same package as the custom metadata type.
          • Your Apex code is in the same package as the record.
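
An audit sketch for the Warning and the protected-to-public rule above, added here as an example and not Salesforce's own code: it reads the `visibility` element of each custom metadata type and the `protected` element of each record, then reports which records end up publicly readable. The type and record names and the inline XML are constructed samples; treating a missing `visibility` as Public and a missing `protected` as false are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
_OBJ = "<CustomObject xmlns='http://soap.sforce.com/2006/04/metadata'>{}</CustomObject>"
_REC = "<CustomMetadata xmlns='http://soap.sforce.com/2006/04/metadata'>{}</CustomMetadata>"

# Constructed sample metadata (hypothetical type and record names).
TYPES = {
    "Api_Config__mdt": _OBJ.format("<visibility>PackageProtected</visibility>"),
    "Feature_Flag__mdt": _OBJ.format("<visibility>Public</visibility>"),
}
RECORDS = {
    "Api_Config.Prod": _REC.format("<protected>true</protected>"),
    "Feature_Flag.Legacy": _REC.format("<protected>true</protected>"),
    "Feature_Flag.Beta": _REC.format("<protected>false</protected>"),
}

def _text(xml, tag, default):
    """Return the text of a top-level metadata element, or the default."""
    node = ET.fromstring(xml).find(f"md:{tag}", NS)
    return node.text.strip() if node is not None and node.text else default

def audit(types, records, in_managed_package):
    """Map each record to (type visibility, record protected flag, exposure)."""
    # Assumption: a type with no <visibility> element is treated as Public.
    visibility = {n: _text(x, "visibility", "Public") for n, x in types.items()}
    findings = {}
    for full_name, xml in records.items():
        type_name = full_name.split(".", 1)[0] + "__mdt"
        type_vis = visibility.get(type_name, "Public")  # unknown type: assume worst case
        is_protected = _text(xml, "protected", "false") == "true"
        if not in_managed_package:
            # Outside a managed package, protected behaves like public.
            exposure = "public"
        elif is_protected or type_vis != "Public":
            # Protected records stay protected even on a public type.
            exposure = "restricted"
        else:
            exposure = "public"
        findings[full_name] = (type_vis, is_protected, exposure)
    return findings

def public_records(types, records, in_managed_package):
    """Records readable by all profiles; these must not hold secrets or PII."""
    result = audit(types, records, in_managed_package)
    return sorted(name for name, f in result.items() if f[2] == "public")

if __name__ == "__main__":
    print("managed:  ", public_records(TYPES, RECORDS, True))
    print("unmanaged:", public_records(TYPES, RECORDS, False))
```

Running the same metadata with `in_managed_package=False` shows every record as public, which is the case the Warning describes.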
           