gslater

Web service with sharing?

I want the queries in my web service to only return the results to which the logged-in user has access.

I know I can use the with sharing keyword in a global class.

However the docs state "Because these rules aren't enforced, developers who use Apex must take care that they don't inadvertently expose sensitive data that would normally be hidden from users by user permissions, field-level security, or organization-wide defaults. They should be particularly careful with Web services, which can be restricted by permissions, but execute in system context once they are initiated."

Does this mean that web services always return all records when queries are performed?

Shivanath Devnarayanan

A web service class is usually accessed using the session token of the user provided in your application, which is usually a full access account. I would suggest filtering based on the specific user's email ID or other relationships.

If you can provide more details on what you're trying to accomplish, we may be able to provide better direction.

Jitendra

Hi,

The "with sharing" keyword means that only sharing rules are going to be applied for the current user. However, FLS, encrypted data, etc. are ignored in Apex so that it can be used in code for processing purposes.
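
An added illustration of the points raised in this thread (not code from any poster or from the Salesforce docs): a web service class declared with sharing, so its query only returns records the calling user can see, with object-level and field-level access handled explicitly because with sharing does not cover them. The class name, method name and the selected Account fields are assumptions made for the example.

```apex
// Added example. AccountLookupService and findByName are hypothetical names.
global with sharing class AccountLookupService {

    // "with sharing" makes the SOQL query below respect the calling user's
    // record-level access (organization-wide defaults, role hierarchy,
    // sharing rules). It does NOT enforce object permissions or
    // field-level security, so those are checked separately.
    webservice static List<Account> findByName(String namePrefix) {
        List<Account> empty = new List<Account>();

        if (String.isBlank(namePrefix)) {
            return empty;
        }

        // Object-level check: the user must be able to read Account at all.
        if (!Schema.sObjectType.Account.isAccessible()) {
            return empty;
        }

        // Bind variable keeps caller input out of the query text.
        String likeValue = namePrefix + '%';
        List<Account> rows = [
            SELECT Id, Name, Phone, AnnualRevenue
            FROM Account
            WHERE Name LIKE :likeValue
            LIMIT 50
        ];

        // Field-level security: remove any selected field the calling
        // user is not allowed to read before the records leave the service.
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, rows);
        return (List<Account>) decision.getRecords();
    }
}
```

The sharing filter applies to whichever user owns the session the caller authenticated with, so an integration that logs in with a full-access account will still see everything that account can see.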