Salesforce IdeaExchange
Run APEX/Triggers/etc Code as Another Profile (doAs)
The ability to delegate execution of APEX code under another profile.
Scenario:
Currently a profile that has APEX Enabled turns on a lot of features that may violate business & security practices and should be disabled. Example if you are using an SControl calling APEX webserivces on a standard user, it will fail because APEX is not enabled. If it's enabled the standard user can do lots of stuff they shouldn't. This could violate business and security policies.
Feature:
The feature is the ability on Triggers/Classes/etc, at configuration time, specify a doAs Profile to execute the requested operations with APEX enabled, restricting features to a specific profile (or set of profiles). The consuming profile (standard user) could have privileges to execute the doAs operations, but without receiving all the rights of the privileged profile. The privileged profile could specify the set of profiles that have rights to use it's services. This is very similar to doAs in Java JAAS architecture and is very useful in security and isolation of functionality.
track comments for this idea
- elinkbiz
- acmegx_acmegx
- Francesco23
- EricCH
- erichoward
- rpr2
- cmatthews06262008
POST IDEA