Loading

OmniStudio Security Enforcement — DataMapper Now Runs in User Mode

Publish Date: Jun 2, 2026
Description

These errors commonly occur when DataMapper queries objects like:

  • PermissionSetAssignment
  • User
  • SetUp objects etc

What Changed?
Before this enforcement, DataMapper ran in System/Admin Mode, meaning it could access all records and fields regardless of the running user's permissions.

After enabling Omnistudio Security enforcement, DataMapper now runs in User Mode, which means:
- The running user must have Read access to the object
- The running user must have FLS access to each queried field
- Sharing rules are respected


This change aligns OmniStudio with Salesforce platform security best practices.


Who Is Affected?
Customers using DataMapper Extract or Load operations against restricted objects
Experience Cloud / Guest users with limited permissions
Orgs which are on Spring '26 or later

Resolution

If your DataMapper needs to query objects that the running user does not have direct access to, use a without sharing Apex class via a Remote Action in OmniStudio. This allows the specific query to run in system context while keeping the rest of your DataMapper in user mode.

Please refer the below for sample code.

global without sharing class DataraptorCustomFunction implements System.Callable {

    public Object call(String action, Map<String,Object> args) {
        Map<String,Object> inputMap = (Map<String,Object>)args.get('input');
        Map<String,Object> outMap   = (Map<String,Object>)args.get('output');
        Map<String,Object> options  = (Map<String,Object>)args.get('options');
        return invokeMethod(action, inputMap, outMap, options);
    }

    global Boolean invokeMethod(
        String methodName,
        Map<String, Object> inputs,
        Map<String, Object> output,
        Map<String, Object> options)
    {
        // Returns the Profile Name of the current logged-in user
        if (methodName == 'GetProfileName') {
            output.put('result',
                [SELECT Profile.Name FROM User
                 WHERE Id = :UserInfo.getUserId()].Profile.Name
            );
        }
        // Returns the Permission Set Assignment Id for the current user
        else if (methodName == 'GetPermisionsSet') {
            List<PermissionSetAssignment> psa =
                [SELECT Id FROM PermissionSetAssignment
                 WHERE AssigneeId = :UserInfo.getUserId() LIMIT 1];
            if (!psa.isEmpty()) {
                output.put('result', (String)psa.get(0).Id);
            }
        }
        // Simple connectivity test
        else if (methodName == 'simpletest') {
            output.put('result', 'simpletestresult');
        }
        return true;
    }
}
 
Knowledge Article Number

005385942

 
Loading
Salesforce Help | Article