{"id":4546,"date":"2015-06-08T20:21:55","date_gmt":"2015-06-08T20:21:55","guid":{"rendered":"http:\/\/www.jitendrazaa.com\/blog\/?p=4546"},"modified":"2015-06-08T23:27:22","modified_gmt":"2015-06-08T23:27:22","slug":"system-mode-or-god-mode-in-apex-gotchas","status":"publish","type":"post","link":"https:\/\/www.jitendrazaa.com\/blog\/salesforce\/system-mode-or-god-mode-in-apex-gotchas\/","title":{"rendered":"System mode or God mode in Apex – Gotchas"},"content":{"rendered":"

In many of my previous implementations I have used advantage of Apex code running in System mode however never tried how far it can go in terms of capabilties. There is no specific Salesforce documentation which can explain that what is allowed or not allowed in System mode.<\/p>\n

In this post, we will go through some scenario and will try to understand what really is possible in\u00a0Apex System mode and when it can fail.<\/p>\n

Before diving more lets discuss how many types of mode do we have in Apex ?<\/p>\n

User Mode :<\/strong> As per this Salesforce post<\/a>, all Profile level permissions, sharing rules and Field level security are enforced in Apex if it runs in User mode. Standard Controller and Anonymous Apex runs in User mode.<\/p>\n

System Mode :<\/strong> Same post<\/a> conforms that custom controller, trigger, Apex class, controller extension works in System mode. Means eventhough user does not have necessary profile level permission, record level permission or field level permission, but still they can perform any operation on it.<\/p>\n

<\/p>\n

Creating test scenario<\/strong><\/p>\n

For testing purpose, I am going to use a user with “Chatter free” license and existing Opportunity record. Consider OWD for opportunity is “private”.<\/p>\n

Apex class : <\/span><\/p>\n

In this class, I am trying to update existing Opportunity<\/p>\n

\r\npublic class  SystemMode_Scenario {\r\n    public static void perform(){\r\n        Opportunity Opp = [SELECT NAME,StageName FROM Opportunity WHERE Id = '006K000000CD1fZIAT'] ;\r\n        Opp.StageName = 'Negotiation\/Review' ;\r\n        update Opp;\r\n    }\r\n}\r\n<\/pre>\n
Trigger on Feeditem :<\/span><\/p>\n
Whenever chatter free user is posting any chatter comment, below trigger should run and execute method in Apex class<\/p>\n
\r\ntrigger updateOpportunityFromChatterComment on FeedItem  (before insert) {\r\n    SystemMode_Scenario.perform();\r\n}\r\n<\/pre>\n
Chatter free user trying to update Standard Opportunity record – God mode in Action<\/span><\/strong><\/p>\n
As we know, Chatter free user cannot access any standard or custom objects. so as per documentation there is no way chatter user can access or update existing Opportunity.<\/p>\n
However, if you try to add comment in chatter using chatter user, trigger will be able to update existing Opportunity eventhough user does not has CRUD permission at profile level. So, we can say Apex really works in GOD mode.<\/p>\n
When Apex does not work in System or God mode – Gode mode failing because of “with sharing” keyword<\/span><\/strong><\/p>\n
Example 1 :<\/span><\/p>\n
Update Apex class with below code, only difference you can spot is addition of “with sharing” keyword.<\/p>\n
\r\npublic with sharing class  SystemMode_Scenario {\r\n    public static void perform(){\r\n        Opportunity Opp = [SELECT NAME,StageName FROM Opportunity WHERE Id = '006K000000CD1fZIAT'] ;\r\n        Opp.StageName = 'Negotiation\/Review' ;\r\n        update Opp;\r\n    }\r\n}\r\n<\/pre>\n
If you try to add chatter comment, it will fail saying “List has no rows for assignment” because\u00a0logged in user does not has access to existing Opportunity and Apex class is defined using keyword “with Sharing” and makes sense.<\/p>\n
\"Salesforce<\/a>
Salesforce System Mode fail- “With Sharing” keyword<\/figcaption><\/figure>\n
Example 2:<\/span><\/p>\n
In this example, lets try to create new record for Lead object and therefore update Apex class with below code :<\/p>\n
\r\npublic with sharing class  SystemMode_Scenario {\r\n    public static void perform(){\r\n        Lead l = new Lead(LastName='Zaa',Company='Cognizant');\r\n        insert l;\r\n    }\r\n}\r\n<\/pre>\n
In previous example, we have seen that Apex class failed because of “with sharing” keyword and it makes sense because chatter does not has record level permission.<\/p>\n
In this example, we are not trying to access any existing record rather\u00a0creating a new lead record. “with sharing” keyword only checks if user has access to existing record or not and therfore this code should work if Apex works in God mode.<\/p>\n
However,\u00a0code will still fail with below error saying “Invalid User Type”.<\/p>\n
\"Salesforce<\/a>
Salesforce God Mode failing<\/figcaption><\/figure>\n
Conclusion:<\/strong><\/p>\n
So saying, Apex runs in God mode not realy true if class is defined using keyword “with sharing”. “with sharing” keyword not only checks record level permission however somehow it enforces profile level permission as well.<\/p>\n
My two cents – Should we use System mode or rather I will say abuse God mode ?<\/strong><\/p>\n
So, there is way to get out of licensing cost. Consultants or developers may think that we can buy low cost license and using custom Apex and visualforce, same functionality can be achieved. However, I would not suggest because of below two reasons :<\/p>\n
    \n
  1. Salesforce documentation clearly segregates capabilities of difference licenses and they can change System mode functionality anytime. In fact, they have already started it by introducing “with sharing” keyword.<\/li>\n
  2. You’re violating the Master Service Agreement and\/or related agreements. You could be charged for full licenses retroactively, and failure to pay is breach of contract that will result in a lawsuit for damages, plus the loss of data that could result.<\/li>\n<\/ol>\n
    I would suggest to go through this article of Abhinav <\/a>as well, which also explains similar to what I am trying to explain here.<\/p>\n
    If any information here are not correct or you have different experience, please share in comment. I would try to update this post with your feedback.<\/p>\n","protected":false},"excerpt":{"rendered":"
    Gotchas of System mode or God mode in Apex and its impact by using “With sharing” keyword in Salesforce<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"jz_research_post":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[20,9],"tags":[337,99,321,331],"class_list":["post-4546","post","type-post","status-publish","format-standard","hentry","category-apex","category-salesforce","tag-apex","tag-field-level-security","tag-owd","tag-salesforce"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":2825,"url":"https:\/\/www.jitendrazaa.com\/blog\/salesforce\/salesforce-interview-questions-part-7\/","url_meta":{"origin":4546,"position":0},"title":"Salesforce Interview Questions – Part 7","author":"Jitendra","date":"April 23, 2012","format":false,"excerpt":"Basic concepts and Interview Questions of salesforce, Visualforce, Apex and SOQL","rel":"","context":"In "Apex"","block_context":{"text":"Apex","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/salesforce\/apex\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6274,"url":"https:\/\/www.jitendrazaa.com\/blog\/salesforce\/enterprise-territory-management-auto-account-assignment-using-apex\/","url_meta":{"origin":4546,"position":1},"title":"Enterprise Territory Management – Auto Account Assignment using Apex","author":"Jitendra","date":"September 22, 2017","format":false,"excerpt":"Use Apex code to auto assign Accounts on basis of Enterprise Territory Assignment rules","rel":"","context":"In "Salesforce"","block_context":{"text":"Salesforce","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/salesforce\/"},"img":{"alt_text":"Enterprise Territory - Auto Account Assignment using Apex","src":"https:\/\/i0.wp.com\/www.jitendrazaa.com\/blog\/wp-content\/uploads\/2017\/09\/Enterprise-Territory-Auto-Account-Assignment-using-Apex.jpg?fit=900%2C600&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.jitendrazaa.com\/blog\/wp-content\/uploads\/2017\/09\/Enterprise-Territory-Auto-Account-Assignment-using-Apex.jpg?fit=900%2C600&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.jitendrazaa.com\/blog\/wp-content\/uploads\/2017\/09\/Enterprise-Territory-Auto-Account-Assignment-using-Apex.jpg?fit=900%2C600&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.jitendrazaa.com\/blog\/wp-content\/uploads\/2017\/09\/Enterprise-Territory-Auto-Account-Assignment-using-Apex.jpg?fit=900%2C600&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":5796,"url":"https:\/\/www.jitendrazaa.com\/blog\/salesforce\/lightning-data-services-standard-controller-for-lightning-components\/","url_meta":{"origin":4546,"position":2},"title":"Lightning Data Service – Standard Controller for Lightning Components","author":"Jitendra","date":"July 22, 2017","format":false,"excerpt":"Best Practices for Salesforce Lightning Component. How Lightning Data Service can improve Lightning Component performance and solve inconsistent data problem without writing single line of Apex code. Demo source code, image and slides included.","rel":"","context":"In "Apex"","block_context":{"text":"Apex","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/salesforce\/apex\/"},"img":{"alt_text":"Salesforce Lightning Data Services","src":"https:\/\/i0.wp.com\/www.jitendrazaa.com\/blog\/wp-content\/uploads\/2017\/07\/Salesforce-Lightning-Data-Services.png?fit=1045%2C395&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.jitendrazaa.com\/blog\/wp-content\/uploads\/2017\/07\/Salesforce-Lightning-Data-Services.png?fit=1045%2C395&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.jitendrazaa.com\/blog\/wp-content\/uploads\/2017\/07\/Salesforce-Lightning-Data-Services.png?fit=1045%2C395&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.jitendrazaa.com\/blog\/wp-content\/uploads\/2017\/07\/Salesforce-Lightning-Data-Services.png?fit=1045%2C395&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":3278,"url":"https:\/\/www.jitendrazaa.com\/blog\/salesforce\/visualforce\/using-fieldset-with-visualforce-and-apex\/","url_meta":{"origin":4546,"position":3},"title":"Using FieldSet with Visualforce and Apex","author":"Jitendra","date":"May 3, 2013","format":false,"excerpt":"One of the disadvantages comes up with Custom Page or Overriding New or Edit button with Visualforce page is its \"Maintenance\"\u009d, if New Filed is Added or needed to remove field we have to modify our code every time. However, Thanks to Salesforce that we have \"Field Set\"\u009d. With the\u2026","rel":"","context":"In "Apex"","block_context":{"text":"Apex","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/salesforce\/apex\/"},"img":{"alt_text":"Create Field Set in Salesforce","src":"https:\/\/i0.wp.com\/jitendrazaa.com\/blog\/wp-content\/uploads\/2013\/05\/Create-Field-Set-in-Salesforce.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/jitendrazaa.com\/blog\/wp-content\/uploads\/2013\/05\/Create-Field-Set-in-Salesforce.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/jitendrazaa.com\/blog\/wp-content\/uploads\/2013\/05\/Create-Field-Set-in-Salesforce.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":28,"url":"https:\/\/www.jitendrazaa.com\/blog\/salesforce\/salesforce-interview-questions\/","url_meta":{"origin":4546,"position":4},"title":"Salesforce Interview Questions – Part 1","author":"Jitendra","date":"May 6, 2010","format":false,"excerpt":"Set of most often asked questions on the salesforce.com developement","rel":"","context":"In "Salesforce"","block_context":{"text":"Salesforce","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/salesforce\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2762,"url":"https:\/\/www.jitendrazaa.com\/blog\/salesforce\/salesforce-interview-questions-part-6\/","url_meta":{"origin":4546,"position":5},"title":"Salesforce Interview Questions – Part 6","author":"Jitendra","date":"March 10, 2012","format":false,"excerpt":"Basic concepts and Interview Questions of salesforce, Visualforce, Apex and SOQL","rel":"","context":"In "Apex"","block_context":{"text":"Apex","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/salesforce\/apex\/"},"img":{"alt_text":"Salesforce - External Id option while creating field","src":"https:\/\/i0.wp.com\/jitendrazaa.com\/blog\/wp-content\/uploads\/2012\/03\/Salesforce-External-Id-option-while-creating-field.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/jitendrazaa.com\/blog\/wp-content\/uploads\/2012\/03\/Salesforce-External-Id-option-while-creating-field.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/jitendrazaa.com\/blog\/wp-content\/uploads\/2012\/03\/Salesforce-External-Id-option-while-creating-field.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/posts\/4546","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/comments?post=4546"}],"version-history":[{"count":8,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/posts\/4546\/revisions"}],"predecessor-version":[{"id":4558,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/posts\/4546\/revisions\/4558"}],"wp:attachment":[{"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/media?parent=4546"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/categories?post=4546"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/tags?post=4546"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}