Require Customize Application Permission for Direct Read Access to Custom Settings (Critical Update, Enforced)
Where: This change applies to Lightning Experience and Salesforce Classic in Contact Manager, Essentials, Professional, Enterprise, Performance, Unlimited, and Developer editions.
When: This critical update is scheduled to be enforced on sandbox instances on January 2, 2020 in the Spring ’20 release. It will not be rolled out to all instances on January 2, 2020. Sandbox instances are upgraded 4–6 weeks before a release goes into production. To find the exact activation date for your instance, refer to https://status.salesforce.com.
How: When this critical update is enforced on the instance, users without the Customize Application permission can no longer access custom settings. To minimize the impact on your users, admins with the Customize Application permission can grant read access to specific custom settings, or to all custom settings.
- Go to the profile or permission set that you want to grant access to.
- Click the Custom Setting Definitions permission.
- Click Edit, add the custom setting to the Enabled Custom Setting Definitions list, then click Save.
- Search for Profiles or Permission Sets from Setup, then click the name of the profile or permission set and click Edit.
- In the Administrative Permissions section, check View All Custom Settings.
- Click Save.
- Customize Application permission—Read and write access to all custom settings.
- Custom Setting Definitions—Read access to specific custom settings outside of System context. Users must be granted access through profiles and permission sets.
- View All Custom Settings permission—Read access to all custom settings outside of System context.
- View Setup and Configuration permission—Read access to custom settings in Setup. Users must be granted access to specific custom settings through profiles and permission sets, or be granted the View All Custom Settings permission.
Apex generally runs in system mode so the current user's permissions and field-level security aren’t considered during code execution. The critical update doesn’t affect the accessibility of custom settings from system mode. Calling Apex methods such as isAccessible indicate whether the running user has access outside of system mode. After activating this critical update, if the user isn’t granted access to an object, calling isAccessible returns false. For example, if a user isn’t granted access through a profile to Contact, isAccessible returns false.
- Go to Setup and search for Schema Settings.
- Turn off Restrict access to custom settings.