Anonymous Apex
|
Sharing is enforced by default, unless disabled by applying the without sharing keyword to the enclosing class.
CRUD and FLS are enforced by default, but only against the code entered directly into the Execute Anonymous window. The code will fail to compile if the user does not have access to the objects or fields referenced.
Note that the checking is only performed by the platform at compilation time; if the code calls a pre-existing Apex class, there is no enforcement within this class and any other class it calls.
|
See Note 2.
|
Apex Controller Action Method
Note: Used only by Visualforce pages
|
Sharing is not enforced by default; the developer needs to apply the with sharing keyword to the enclosing class.
CRUD and FLS are not enforced by default; the developer needs to enforce this in code.
|
Any member variable declared on the Apex Controller that is not static or marked with the transient keyword will be included in View State.
Visualforce automatically maintains this between interactions on the page. Use it carefully, as large View State sizes can cause performance degradation for the page. Developer Console has an excellent View State browser tool.
|
Apex Controller Remote and Aura Actions
Note: Remote Actions methods are used by Visualforce and Aura Actions methods are used by Lightning Components
|
Sharing is not enforced by default; the developer needs to apply the with sharing keyword to the enclosing class. It is required for Salesforce security review.
CRUD and FLS are not enforced by default; the developer needs to check this in code.
|
Remote Action and Aura Action Apex methods are already static, as stated previously; any static data is not retained in Apex. Thus, there is no state retained between remote action calls made by the client JavaScript. Typically, in these cases, the state of the task the user is performing is maintained on the page itself via the client-side state. As a result of not having to manage the state for the developer, these type of methods are much faster than Action Methods described in the preceding section.
|
Apex Trigger
|
Sharing is not enforced by default; the developer needs to apply the with sharing keyword in the outermost Apex class (if present, for example, Apex Controller).
Triggers invoked through the Salesforce UIs or APIs run without sharing implicitly; if you need to apply with sharing, move your trigger code into an Apex class and call that from the trigger code.
CRUD and FLS are not enforced by default; the developer needs to enforce this in the code.
|
Static variables are shared between Apex Trigger invocations within an execution context. This allows some caching of commonly used information and/or recursive trigger protection to be implemented if needed.
|
Batch Apex
|
Sharing is not enforced by default; the developer needs to apply the with sharing keyword to the enclosing class.
CRUD and FLS are not enforced by default; the developer needs to enforce this in the code.
|
Batch Apex splits work into distinct execution contexts, driven by splitting up the data into scopes (typically, 200).
If the Database.Stateful interface is implemented, class member variable values of the implementing Apex class are retained between each invocation. The transient keyword also applies here.
The final keyword can be used to retain the initial member variable values throughout the job execution.
|
Queueable
|
See Note 1.
|
See Note 2.
|
Apex Scheduler
|
See Note 1.
|
See Note 2.
|
Inbound messaging
|
See Note 1.
|
See Note 2.
|
Invocable Method
|
See Note 1.
|
See Note 2.
|
Apex REST API
|
See Note 1.
|
See Note 2.
|
Apex Web Service
|
See Note 1.
|
See Note 2.
|