+ Start a Discussion

How to Restrict API access to custom object

Our organization has defined a custom object in our managed package, to be added at a SalesForce organization upon installation.


However, this custom object stores sensitive data, which is supposed to be used *only* by the classes and pages in the managed package.


We would like to know if there is a way to configure the security in the package (or in the target organization, after installation) such that:


1) The custom object can not be accessed by classes and pages outside the managed package. 


2) The custom object data can not be browsed by OQL queries sent through the Apex Web Services API.

Best Answer chosen by Admin (Salesforce Developers) 
There currently isn't a way to do this, although you should check out custom settings in our next release.  I think it will do what you are wanting.  Look for more info in the coming weeks on www.successforce.com.