Prosenjit Sarkar 7

What is the need of permission for Visualforce & Apex classes in profiles? Can anybody help me with a proper example?

Best Answer chosen by Prosenjit Sarkar 7
A Dev in NZ

Consider a direct URL to your Visualforce page (not an override): you can't always use overrides, hence the need for VF permissions. You can't always use a standard controller.
Salesforce has to provide a lot of functionality; the scenario you provided in your second question is just one very small example of security. And in your scenario you used the object permission to prevent edit. But what if you want that profile to be able to use the standard edit page but not the custom edit page? There are so many scenarios.

The best way to answer the question you did not ask would be to ask you what you are trying to achieve, which of course would open up many more questions. This is what is called requirements gathering.
It really depends on your whole solution as to which security feature you should use.

If you do not want the profile to edit, then yes, lock down edit.
If you want to prevent the profile from accessing the page, then lock down the page.
If you want different profiles to have different VF pages, then use a redirect page to control which profiles get which page.
You can even override an edit page, pass the user to a redirect page and send them back to the standard edit page with nooverride=1, and they will get to the standard edit page.

Consider the way you have asked the question. You asked "What is the need of permission for VF & Apex classes in profiles?" My same answer applies.
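
The redirect-page approach described in the answer above, sketched as an added example that is not part of the original post and is not Salesforce's own code. The class name `AccountEditRedirectController`, the page `AccountCustomEdit`, the profile name `Sales Manager`, the choice of Account and the Classic-style edit URL are all assumptions made for illustration.

```apex
// Added example (hypothetical names throughout).
// Controller extension for a small redirect page that is set as the Edit
// override on Account. The redirect page itself would be declared as:
//   <apex:page standardController="Account"
//              extensions="AccountEditRedirectController" action="{!route}"/>
public with sharing class AccountEditRedirectController {

    // Profiles that are routed to the custom edit page (constructed value).
    private static final Set<String> CUSTOM_PAGE_PROFILES =
        new Set<String>{ 'Sales Manager' };

    private final String recordId;

    public AccountEditRedirectController(ApexPages.StandardController std) {
        recordId = std.getId();
    }

    // Runs from the page's action attribute, before anything renders.
    public PageReference route() {
        String profileName = [SELECT Name FROM Profile
                              WHERE Id = :UserInfo.getProfileId()].Name;

        PageReference target;
        if (CUSTOM_PAGE_PROFILES.contains(profileName)) {
            // Custom Visualforce edit page (hypothetical page name).
            target = Page.AccountCustomEdit;
            target.getParameters().put('id', recordId);
        } else {
            // Standard edit page; nooverride=1 skips the override so the
            // user does not loop back into this redirect page.
            target = new PageReference('/' + recordId + '/e');
            target.getParameters().put('nooverride', '1');
            target.getParameters().put('retURL', '/' + recordId);
        }
        target.setRedirect(true);
        return target;
    }
}
```

The redirect only decides where a user is sent. Whether `AccountCustomEdit` opens when someone requests its URL directly is still governed by the Visualforce page access on that user's profile, which is the case the answer raises.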
 

All Answers

A Dev in NZ

Visualforce permission allows the user access to the page; without it the page won't render. The Apex controller permission is then inherited. (You don't need specific permission to the Apex, because it is automatic from the Visualforce.) To prove this, remove the controller from your permission; the page will still work.

Web Services: you would need Apex permission to enable these.

Triggers do not need Apex permission.

 

Prosenjit Sarkar 7

Hi, A Dev in NZ, I know this all. I need to know why there is a need of giving permission to Visualforce in Salesforce.

Suppose there is an overridden edit page and I have unchecked the edit permission from the profile for that object. So, the end user can't access this page. Here I don't have to do anything with Visualforce permission. So why has Salesforce given this functionality? Of course there is some that I can't find and that was my question.

Ajay K Dubedi
Hello Dada,
Open this link to understand more about permission sets for profiles.
https://help.salesforce.com/apex/HTViewHelpDoc?id=pages_page_level_security.htm
Due to security needs, an admin may want particular Visualforce pages not to be visible to any profile user. To do this, the admin can enable or disable the pages. This is used where we want to give permission for any object but restrict access to the VF page.
Prosenjit Sarkar 7
Thanks a lot @A Dev in NZ, this could be the best answer :)