Enforce Field-Level Security Permissions for SOQL Queries (Beta)

Use the WITH SECURITY_ENFORCED clause to enable checking for field- and object-level security permissions on SOQL SELECT queries, including subqueries and cross-object relationships. Although performing these checks was possible in earlier releases, this clause substantially reduces the verbosity and technical complexity in query operations. This feature is tailored to Apex developers who have minimal development experience with security and to applications where graceful degradation on permissions errors isn’t required.
Note

As a beta feature, SELECT WITH SECURITY_ENFORCED is a preview and isn’t part of the “Services” under your master subscription agreement with Salesforce. Use this feature at your sole discretion, and make your purchase decisions only on the basis of generally available products and features. Salesforce doesn’t guarantee general availability of this feature within any particular time frame or at all, and we can discontinue it at any time. This feature is for evaluation purposes only, not for production use. It’s offered as is and isn’t supported, and Salesforce has no liability for any harm or damage arising out of or in connection with it. All restrictions, Salesforce reservation of rights, obligations concerning the Services, and terms for related Non-Salesforce Applications and Content apply equally to your use of this feature.

Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.

How: If fields or objects referenced in the SELECT clause using WITH SECURITY_ENFORCED are inaccessible to the user, an exception is thrown, and no data is returned.

Note

The WITH SECURITY_ENFORCED clause is only available in Apex. Using WITH SECURITY_ENFORCED in Apex classes or triggers with an API version earlier than 45.0 is not recommended.

Example

If field-level security hides either the LastName or the Description field from the user, this query throws an exception indicating insufficient permissions.
SELECT Id, (SELECT LastName FROM Contacts), 
   (SELECT Description FROM Opportunities)
   FROM Account WITH SECURITY_ENFORCED

Example

If field-level security hides the Website field from the user, this query throws an exception indicating insufficient permissions.
SELECT Id, Parent.Name, Parent.Website FROM Account WITH SECURITY_ENFORCED
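
The first example query above, written both ways in Apex: with the explicit describe checks that earlier releases required, and with WITH SECURITY_ENFORCED. This is an added illustration, not code from the release notes; the class, method, and exception names are hypothetical, and it catches System.QueryException, the exception type the Apex documentation gives for this clause.

```apex
// Added illustration. Class, method, and exception names are hypothetical.
// Save with API version 45.0 or later, per the note above.
public with sharing class AccountRelatedReader {

    public class AccessDeniedException extends Exception {}

    // Earlier approach: one describe check per object and field the query
    // touches. A check that is forgotten when the query changes silently
    // exposes that field to users who should not see it.
    public static List<Account> readWithManualChecks() {
        if (!Schema.sObjectType.Account.isAccessible()
                || !Schema.sObjectType.Contact.isAccessible()
                || !Schema.sObjectType.Contact.fields.LastName.isAccessible()
                || !Schema.sObjectType.Opportunity.isAccessible()
                || !Schema.sObjectType.Opportunity.fields.Description.isAccessible()) {
            throw new AccessDeniedException('Insufficient permissions.');
        }
        return [SELECT Id, (SELECT LastName FROM Contacts),
                   (SELECT Description FROM Opportunities)
                FROM Account];
    }

    // Same query with the clause: the platform checks the parent object,
    // both subqueries, and every selected field.
    public static List<Account> readEnforced() {
        try {
            return [SELECT Id, (SELECT LastName FROM Contacts),
                       (SELECT Description FROM Opportunities)
                    FROM Account WITH SECURITY_ENFORCED];
        } catch (System.QueryException e) {
            // All or nothing: no rows come back when any referenced field or
            // object is inaccessible. Log the detail for administrators and
            // give the caller a generic message.
            System.debug(LoggingLevel.WARN,
                'SECURITY_ENFORCED blocked query: ' + e.getMessage());
            throw new AccessDeniedException('Insufficient permissions.');
        }
    }
}
```

Because the enforced query fails as a whole, code that should return the accessible fields and omit the hidden ones still needs per-field checks.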