function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Mahesh Babu 3Mahesh Babu 3 

Object permissions are not consider in the Rest API class in Salesforce site

Hi , I created a Salesforce site , to make a rest api call from out side website. Even if stop the object permission my rest api class can create records to the objects. Where as my normal class not allowing to create records in the object with out permission. Also i try to set field level permissions. How to make the rest api class to obey the object permissions ? Below is the code i used  @RestResource(urlMapping='/myservice')
global with sharing class MyService  {                  
@HttpPost            
global static void doPost()          
{            
I will get the Json string from other site and insert into my custome object.  If i remove the permission of the object it should not create records. }
}
bob_buzzardbob_buzzard
Per the docs at :

https://www.salesforce.com/us/developer/docs/apexcode/Content/apex_rest_exposing_data.htm

--- snip ---

Apex class methods that are exposed through the Apex REST API don't enforce object permissions and field-level security by default. We recommend that you make use of the appropriate object or field describe result methods to check the current user’s access level on the objects and fields that the Apex REST API method is accessing.

--- snip ---