function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Ty WhitfieldTy Whitfield 

How do you secure (lock down) objects for specific users when using the API

We have a department that needs to utilize the API to update Cases and EmalMessage Objects in Salesforce but I do not want them have access to any other objects.

Is there a way to grant them the ability to use the WSDL/API but restrict their access to just those objects?
Best Answer chosen by Ty Whitfield
Ty WhitfieldTy Whitfield
Thanks.  Yes they do have their own unique user names/profiles and I have updated their profiles.  It appears that is working as they didn't have access to specific objects/fields based upon profile.  Thanks again.

All Answers

fifedog15fifedog15
Ty - are you using a single integration user to authenticate those users from the API or do they have their own unique user names?  Eiether way you can lock down their access via the profile.  Then in your apex code be sure you're using 'with sharing'.  Also you can utilize the isAccessable method to check via APEX if they have access to an object.
Ty WhitfieldTy Whitfield
Thanks.  Yes they do have their own unique user names/profiles and I have updated their profiles.  It appears that is working as they didn't have access to specific objects/fields based upon profile.  Thanks again.
This was selected as the best answer
fifedog15fifedog15
@ty it would be great if you could mark my answer as best, since this was what helped.  Helps in my profile score ;)