SObjectAccessDecision Class

Contains the results of a call to the Security.stripInaccessible method and methods to retrieve those results.

Namespace

System

SObjectAccessDecision Methods

The following are methods for SObjectAccessDecision.

getModifiedIndexes()

Returns the indexes of sObjects that are modified by the stripInaccessible method.

Signature

public Set<Integer> getModifiedIndexes()

Return Value

Type: Set<Integer>

A set of unsigned integers that represent the row indexes of the modified sObjects.

Example

In this example, the user doesn’t have permission to update the AnnualRevenue field of an Account.

List<Account> accounts = new List<Account>{
    new Account(Name='Account1', AnnualRevenue=1000),
    new Account(Name='Account2')
};

// Strip fields that are not updatable
SObjectAccessDecision decision = Security.stripInaccessible(
    AccessType.UPDATABLE,
    accounts);

// Print stripped records
for (SObject strippedAccount : decision.getRecords()) {
    System.debug(strippedAccount);
}

// Print modified indexes
System.debug(decision.getModifiedIndexes());

getRecords()

Returns a list of new sObjects that are identical to the source records, except that they are stripped of fields that fail the field-level security check for the current user.

Usage

The stripInaccessible method performs field-level access check for the source records in the context of the current user’s operation. The getRecords() method returns the new records that contain only the fields that the current user has access to.

Signature

public List<SObject> getRecords()

Return Value

Type: List<SObject>

Even if the result list contains only one sObject, the return type is still a list (of size one).

Example

In this example, the user doesn’t have permission to update the AnnualRevenue field of an Account.

List<Account> accounts = new List<Account>{
    new Account(Name='Account1', AnnualRevenue=1000),
    new Account(Name='Account2')
};

// Strip fields that are not updatable
SObjectAccessDecision decision = Security.stripInaccessible(
    AccessType.UPDATABLE,
    accounts);

// Print stripped records
for (SObject strippedAccount : decision.getRecords()) {
    System.debug(strippedAccount);
}

getRemovedFields()

Returns a map of sObject types to their corresponding inaccessible fields. The map key is a string representation of the sObject type. The map value is a set of strings, which denote the fields names that are inaccessible.

Signature

public Map<String,Set<String>> getRemovedFields()

Return Value

Type: Map<String,Set<String>>

Example

In this example, the user doesn’t have permission to update the AnnualRevenue field of an Account.

List<Account> accounts = new List<Account>{
    new Account(Name='Account1', AnnualRevenue=1000),
    new Account(Name='Account2')
};

// Strip fields that are not updatable
SObjectAccessDecision decision = Security.stripInaccessible(
    AccessType.UPDATABLE,
    accounts);

// Print stripped records
for (SObject strippedAccount : decision.getRecords()) {
    System.debug(strippedAccount);
}
// Print removed fields
System.debug(decision.getRemovedFields());