Omni Integration Configuration Setup for ApexClassCheck Set to True Control
Enforces strict Apex class permission validation within Omnistudio Integration Procedures.
Control Name
Omnistudio - Object and Field Level Security (Select Omni Integration Configuration Setup for ApexClassCheck set to 'True').
Control Overview
Enforces strict Apex class permission validation within Omnistudio Integration Procedures, ensuring users can only execute authorized Apex classes through low-code orchestration regardless of their Omnistudio component access.
Description
When enabled in Omni Integration Configuration custom settings, Omnistudio validates the running user's Apex class execute permissions before allowing Integration Procedures, DataRaptors, or other components to invoke backend Apex logic.
Recommended Configuration
Set ApexClassCheck to "True" in Setup > Custom Settings > Omni Integration Configuration.
Security Impact
Prevents privilege escalation through Omnistudio Integration Procedures by ensuring backend Apex execution respects profile/permission set class-level restrictions, eliminating common bypass patterns in low-code integrations.
Business Impact
Aligns Omnistudio backend security with the standard Salesforce Apex governance model. Supports compliance requirements for uniform permission enforcement across custom development platforms.
Security Risk If Not Configured
Without enforced security checks that strictly validate Apex class permissions for all Omnistudio users, sensitive backend logic can be executed without authorization through Integration Procedure calls.
Threat Scenarios
Compromised users or external portal accounts execute privileged Apex classes (data exports, mass updates, system configuration) that they shouldn't have direct access to, through seemingly legitimate Omnistudio workflows.
Estimated CVSS Score Range
Critical (9.0–10.0).
Risk Impact Considerations
May break existing Integration Procedures calling unauthorized Apex. Comprehensive testing is required. Performance impact is minimal as validation occurs at compile/plan time.
Higher Risk When
Omnistudio handles sensitive operations (bulk data processing, financial calculations, PII management), complex permission model with granular Apex class restrictions, external user access.
Low Risk When
Internal users only, simple Integration Procedures calling public/utility Apex classes, uniform "full Apex access" granted to all active profiles.
Business and Integration Considerations
A must-have for production Omnistudio deployments. Enable in sandbox first, and systematically audit and update the permission sets that grant Apex class access to Integration Procedure users.
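The permission-set audit described above can be run as a gap analysis before the setting is switched on. The sketch below is an added example, not Salesforce or Omnistudio code: it lists every user who can reach an Integration Procedure but holds no grant for an Apex class that the procedure invokes. All user, permission set, Integration Procedure and Apex class names are constructed, and the four input mappings are assumed to come from exports of the org's own metadata.

```python
from collections import defaultdict
# All names and data below are constructed for illustration, not Salesforce API names.
# Apex classes each Integration Procedure invokes.
IP_APEX_CALLS = {
    "Billing_GetInvoice": {"InvoiceService"},
    "Case_MassUpdate": {"CaseBulkUpdater", "AuditLogger"},
}
# Apex class access granted by each permission set or profile.
CLASS_GRANTS = {
    "PS_Billing_Agent": {"InvoiceService"},
    "PS_Case_Admin": {"CaseBulkUpdater", "AuditLogger"},
    "Profile_Portal_User": set(),
}
# Permission sets / profile assigned to each user.
USER_ASSIGNMENTS = {
    "agent@example.com": {"PS_Billing_Agent"},
    "admin@example.com": {"PS_Billing_Agent", "PS_Case_Admin"},
    "portal@example.com": {"Profile_Portal_User"},
}
# Integration Procedures each user can reach through Omnistudio.
USER_IP_ACCESS = {
    "agent@example.com": {"Billing_GetInvoice", "Case_MassUpdate"},
    "admin@example.com": {"Billing_GetInvoice", "Case_MassUpdate"},
    "portal@example.com": {"Billing_GetInvoice"},
}

def effective_classes(user):
    """Union of Apex classes granted by all of the user's assignments."""
    granted = set()
    for grantor in USER_ASSIGNMENTS.get(user, ()):
        granted |= CLASS_GRANTS.get(grantor, set())
    return granted

def find_gaps():
    """Sorted (user, procedure, apex_class) tuples that would fail the check."""
    gaps = []
    for user, procedures in USER_IP_ACCESS.items():
        granted = effective_classes(user)
        for ip in procedures:
            # Classes the procedure calls that the user has no grant for.
            for cls in IP_APEX_CALLS.get(ip, set()) - granted:
                gaps.append((user, ip, cls))
    return sorted(gaps)

def gaps_by_class(gaps):
    """Group affected users per Apex class for permission-set review."""
    grouped = defaultdict(set)
    for user, _ip, cls in gaps:
        grouped[cls].add(user)
    return {cls: sorted(users) for cls, users in grouped.items()}
```

Each reported gap is either a grant that has to be added before enabling the check or an access path the check is meant to close; the review decides which.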
Security Health Review Guidance
Must have.
Who Is Impacted
Omnistudio Integration Procedure developers, security admins managing Apex permissions, end users accessing Omnistudio applications, external portal users.

