Clayton

Because Apex generally runs in system context, permissions, field-level security, and sharing rules aren't taken into account during code execution. This might put applications at risk of inadvertently exposing sensitive data.

Apex classes that perform direct or indirect database access

Apex classes that expose any REST resources (via Apex REST annotations)

Apex classes that are used as controllers by Visualforce pages, components

Apex classes that are used by Lightning controllers 

- Apex classes that perform direct or indirect database access
- Apex web services
- Apex classes that expose any REST resources (via Apex REST annotations)
- Apex classes that are used as controllers by Visualforce pages, components
- Apex classes that are used by Lightning controllers 

This rule will not trigger on test classes

- This rule will not trigger on test classes

<a href="https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_classes_keywords_sharing.htm?search_text=sharing" rel="nofollow noopener noreferrer" target="_blank">Using the with sharing or without sharing keywords</a>

<a href="https://developer.salesforce.com/page/Apex_Web_Services_and_Callouts" rel="nofollow noopener noreferrer" target="_blank">Apex Web Services and callouts</a>

<a href="https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_classes_annotations_rest.htm" rel="nofollow noopener noreferrer" target="_blank">Apex REST annotations</a>

- <a href="https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_classes_keywords_sharing.htm?search_text=sharing" rel="nofollow noopener noreferrer" target="_blank">Using the with sharing or without sharing keywords</a>
- <a href="https://developer.salesforce.com/page/Apex_Web_Services_and_Callouts" rel="nofollow noopener noreferrer" target="_blank">Apex Web Services and callouts</a>
- <a href="https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_classes_annotations_rest.htm" rel="nofollow noopener noreferrer" target="_blank">Apex REST annotations</a>

Ensure proper sharing behaviour on classes that access data or expose it data in views or APIs.

Rationale

Scope

Exclusions

See Also