Access Check Violations Are Now Enforced

Access check enforcement was a critical update in Summer ’16 and will be enforced for all orgs sometime between October 15 and October 19, 2016. Improved access check enforcement for Lightning resources enables component authors to have greater control over how their components are used.

You can control access to Lightning resources via the access system attribute on these tags:

  • <aura:application>
  • <aura:attribute>
  • <aura:component>
  • <aura:event>
  • <aura:interface>
  • <aura:method>

The default value for Lightning resources is access="public", which makes the resources available only within the same namespace.

This sample component has global access.

<aura:component access="global">
    ...
</aura:component>

Access Violations

If your code accesses a resource, such as a component or attribute, that doesn’t have an access system attribute allowing you to access it, the code doesn’t execute or returns undefined.

If you enabled debug mode, you also see a popup error message.

Anatomy of an Access Check Error Message

Here is a sample access check error message for an access violation.

Access  Check  Failed ! ComponentService.getDef():'markup://c:targetComponent' is not visible to 'markup://c:sourceComponent'.

An error message has four parts:

  1. The context (who is trying to access the resource). In our example, this is markup://c:sourceComponent.
  2. The target (the resource being accessed). In our example, this is markup://c:targetComponent.
  3. The type of failure. In our example, this is not visible.
  4. The code that triggered the failure. This is usually a class method. In our example, this is ComponentService.getDef(), which means that the target definition (component) was not accessible. A definition describes metadata for a resource, such as a component.

Fixing Access Check Errors

Tip

Tip

If your code isn’t working as you expect, enable debug mode to get better error reporting.

You can fix access check errors using one or more of these techniques.

  • Add appropriate access system attributes to the resources that you own.
  • Remove references in your code to resources that aren’t available. In the earlier example, markup://c:targetComponent doesn’t have an access value allowing markup://c:sourceComponent to access it.
  • Ensure that an attribute that you’re accessing exists by looking at its <aura:attribute> definition. Confirm that you’re using the correct case-sensitive spelling for the name.

    Accessing an undefined attribute or an attribute that is out of scope, for example a private attribute, triggers the same access violation message. The access context doesn’t know whether the attribute is undefined or inaccessible.

For more information about the access system attribute, see the Lightning Components Developer Guide.