The platform provides security controls to manage the accessibility of functionalities in your application and also the visibility of the individual records it creates. As an application provider, your code has a responsibility to enforce security rules as well as provided integrations that help administrators configure security easily. This section is not aimed at taking a deep dive into the security features of the platform but is more to aid in understanding the options, best practices, and packaging implications.

One of the key checks the security review process described in the previous chapter makes is to scan the code to ensure it is using the appropriate Apex conventions to enforce the security rules administrators of your application configure, as not all security checks are enforced automatically for you.

This chapter discusses the following two categories of security as provided by the platform:

• Functional security: Security that applies to application objects and some code entry points (providing APIs), and also Visualforce pages that deliver the features of the application, is referred to here as functional security.
• Data security: In contrast to security applied to individual record data created and maintained by the application, this type of security is referred to as data security.