Loading

Named Credentials: Customize Application Permission Required for Anonymous Apex Callouts (Security Change)

Udgivelsesdato: Jun 10, 2026
Beskrivelse

A security update to Salesforce Named Credentials now requires users who make Anonymous Apex callouts that reference Named Credentials to have the Customize Application user permission. Previously, only the Enable API Access permission was required for this action.
This change aligns the permission requirements for two related user actions: editing Named Credentials in the Setup UI (which always required Customize Application) and executing Named Credential callouts in Anonymous Apex (which previously only required Enable API Access). By requiring the same permission for both, Salesforce eliminates a privilege escalation risk.

Løsning

Who Is Affected

Users who do not have the Customize Application user permission and who previously made Anonymous Apex callouts using Named Credentials are blocked from doing so. This change does not affect users who already have the Customize Application permission.

Required Action for Admins

If you have users with a business requirement to make Anonymous Apex callouts using Named Credentials, assign them the Customize Application user permission. For information on this permission, see: User Permissions Reference

Background: Why This Change Was Made

This change is part of Salesforce's ongoing effort to increase application security posture. Salesforce is fixing a discrepancy where two user flows accessing the same higher-privileged resource (Named Credentials) required different permission levels. This enforcement was applied as a platform security enhancement.

Vidensartikelnummer

000392849

 
Indlæser
Salesforce Help | Article