Skip to main content

Salesforce Winter ’20 Release Notes(Critical Updates and Security Alerts) - Summary

Summary - Salesforce Winter ’20 Release

  1. Critical Updates and Security Alerts
  • Enable ICU( International Components for Unicode) Locale Formats (Critical Update)
  • Restrict Access to @AuraEnabled Apex Methods for Guest and Portal Users Based on User Profile
  • Restrict Access to @AuraEnabled Apex Methods for Authenticated Users Based on User Profile
  • Use with sharing for @AuraEnabled Apex Controllers with Implicit Sharing
  • Enforce Access Modifiers on Apex Properties in Lightning Component Markup
  • Enable Partial Save for Invocable Actions
Restrict Access to @AuraEnabled Apex Methods for Guest and Portal Users Based on User Profile
 A guest, portal, or community user can access an @AuraEnabled Apex method only when the user’s profile allows access to the Apex class. This critical update enforces user profile restrictions for Apex classes used by Aura and Lightning web components.

Restrict Access to @AuraEnabled Apex Methods for Authenticated Users Based on User Profile
An authenticated user can access an @AuraEnabled Apex method only when the user’s profile allows access to the Apex class. This critical update enforces user profile restrictions for Apex classes used by Aura and Lightning web components.

Use with sharing for @AuraEnabled Apex Controllers with Implicit Sharing
This critical update changes the behavior of @AuraEnabled Apex controllers that don’t specify with sharing or without sharing to default to with sharing.
Note: This critical update applies only to orgs created after Spring ’18 or orgs that activated the retired “Use without sharing for @AuraEnabled Apex Controllers with Implicit Sharing” critical update that had the opposite effect and set the default to without sharing.

Enforce Access Modifiers on Apex Properties in Lightning Component Markup
This critical update makes Lightning components consistent with the usage of Apex properties in other contexts. For example, a markup expression can no longer access an Apex property with a private Apex getter.
Example : 
issue :- 
@AuraEnabled
 public Integer counter { private/protected get; set; }

Aura component/LWC can’t access the private/protected getter.
fix :-
@AuraEnabled
public Integer counter { get; set; }

Enable Partial Save for Invocable Actions
It only affects external REST API calls to invocable actions done in bulk. With this update, when invoking a set of actions in a single request, a single failed invocable action no longer causes the entire transaction to fail. Without this update, if a single invocable action fails, other invocable actions within the transaction are rolled back and the entire transaction fails.
Note : Most invocable action types that are invoked via REST API are enabled with the partial save functionality. However, even with this critical update, the following action types don’t support partial save functionality:

  • Cancel Fulfillment Order
  • Cancellation Orders
  • Capture Funds
  • Content Workspaces
  • Create Fulfillment Order
  • Create Invoice from Fulfillment Order
  • Create Service Report
  • External Services
  • Generate Work Orders
  • Invocable Apex
  • Skills-based Routing
  • Submit Digital Form Response
New Security Alerts

Automatically Assign Records Created by Guest Users to a Default Owner (Security Alert)
Set up your org so that guest users are no longer automatically the owner of records they create. Instead, when a guest user creates a record, the record is assigned to a default active user in the org, who becomes the owner.

 View All Users and Other Permissions Disabled in Guest User Profiles 
Guest users typically don’t need access to view all users in a Salesforce org, the View All Users permission has been disabled in guest user profiles. If you have an org created before Winter ’20, we recommend that you check guest user access and deselect the View All Users permission in all your guest user profiles. To enhance security, we also removed these permissions from the guest user profile: Can Approve Feed Post and Comments, Enable UI Tier Architecture, Remove People from Direct Messages, View Topics, and Send Non-Commercial Email.

 Secure Guest Users’ Org-Wide Defaults and Sharing Model (Security Alert)
To increase the security of your Salesforce data, we‘re enforcing private org-wide defaults for guest users. We’re also restricting the sharing mechanisms that you can use to grant record access to guest users. If you have an org created before Winter ’20, we recommend that you review the external org-wide defaults, public groups, queues, and manual sharing that you use to grant access to guest users. Then replace the access previously granted by these sharing mechanisms with guest user sharing rules before the security alert is enforced.

 Community Nicknames (Security Alert)

Starting in Winter ’20, community nicknames are enabled by default for new communities and no longer based on user names.
Labels:

Comments

Post a Comment

Popular posts from this blog

Platform Developer I Certification Maintenance (Winter '23)

 Maintain Your Platform Developer I Certification for Winter ’23 1. Field update actions have changed in API Version 54.0. Which record-triggered flows do field update actions now execute? Answer: Before-Save after After-Save 2. Which Apex class is used to determine the hostnames for the domains that Salesforce hosts for your org? Answer: System.DomainCreator 3. Which modules can be used for notifications in a Lightning web component instead of native APIs? Answer: LightningAlert, LightningConfirm, and LightningPrompt 4. What determines an org’s “shape” in Salesforce? Answer: Features, settings, edition, limits, and licenses 5. Which lightning-modal-* component is required to create a modal? Answer: Body 6. How do you call an invocable action from Apex code? Answer: Reference Invocable.Action Get Hands-On With Apex Assertions 1. Create Two Apex class: Copy and Paste below codes (A.) TestFactory @isTest public class TestFactory {    public static Account getAccount(String accountName, B
Post a Comment
Read more

Administrator Certification Maintenance (Spring '23)

 Maintain Your Administrator Certification for Spring '23 1. What information is listed in the Details panel for recently used reports? Answer: A, B, C 2. What is used to give sales reps access to a guided process to import contacts and leads? Answer:  Sample CSV file 3. Which feature efficiently removes inactive picklist values? Answer: Bulk Delete Unused Values 4. Which type of Process Builder processes can be converted using the Migrate to Flow tool? Answer: Record-triggered Get Hands-on with Enhance Record Pages With Dynamic Forms Follow steps show in Screenshot also highlighted with Red Box:
Post a Comment
Read more

Platform App Builder Certification Maintenance (Winter ’23)

Maintain Your Platform App Builder Certification for Winter ’23 1. What component customizes related lists directly from the Lightning App Builder? Answer:      Dynamic Related List – Single 2. Where can a debug flow test be created and saved? Answer:      Flow Builder 3. What action enables smart email auto-responses in Flow Builder? Answer:      Create Article Recommendations 4. Custom address fields improve address data accuracy for your users using what type of list? Answer: State and Country/Territory Picklists 5. What are the benefits of using Dynamic Forms on record pages? Answer:      Place fields anywhere on the page  Use Visibility Rule to show and hide fields  6. Restriction or scoping rules now allow multiple values. When should double quotes surround a value? Answer:      If a single value contains a comma  Get Hands-On With Permission Set Expiration Verify before performing this: Permission Set & Permission Set Group Assignments with Expiration Dates should be enabled
Post a Comment
Read more

Translate