The Hidden Permission Bug That Affects 90% of Salesforce Orgs

Introduction

As a senior Salesforce administrator, I have encountered numerous issues that can significantly impact the security and performance of your organization's Salesforce instance. One such issue is a hidden permission bug that affects approximately 90% of Salesforce orgs. This problem revolves around the use of custom permissions without properly defining them in profiles or permission sets. Let’s dive into this critical issue, its implications, and how to address it.

The Problem: Custom Permissions Without Proper Definition

What are Custom Permissions?

Custom permissions are a way for developers to create specific capabilities that can be granted to users through profiles or permission sets. They allow for fine-grained control over functionality within the Salesforce platform. However, without proper definition and management, these custom permissions can lead to security vulnerabilities.

The Hidden Bug

The hidden bug lies in the fact that if a custom permission is not properly defined (i.e., it's created but never assigned), it can still be granted through SOQL queries or Apex code. This means that even though you have no explicit definition of this permission, users might still have access to features or data they shouldn’t.

Real-World Impact

Imagine a scenario where an internal developer creates a custom permission called CanAccessConfidentialData. However, due to oversight, it is not assigned to any profiles or permission sets. Later on, a junior developer writes a SOQL query that grants this permission implicitly through the use of a governor limit check.

// Example SOQL Query
SELECT Id FROM Account WHERE CanAccessConfidentialData = true;

In this case, users who are part of the group that runs this Apex code will suddenly have access to confidential data they were not supposed to see. This can lead to significant security breaches and potential legal issues.

Identifying the Issue

SOQL Queries and Custom Permissions

To identify instances where custom permissions might be causing issues, you need to look for SOQL queries or Apex code that check against custom permission settings but do not explicitly define them in profiles or permission sets. Here is a real-world example of such a query:

// Example SOQL Query with Custom Permission Check
SELECT Id FROM Account WHERE HasCustomPermission = true;

In this case, the HasCustomPermission field could be misleading if it refers to a custom permission that has not been properly defined. The presence of such a check without proper definition can lead to unintended access.

Apex Code and Custom Permissions

Another common scenario is where custom permissions are used in Apex code but not explicitly managed through profiles or permission sets:

// Example Apex Code with Custom Permission Check
public class AccountAccessController {
    public Boolean hasPermission(Account acc) {
        return UserInfo.hasPerm('CanAccessConfidentialData');
    }
}

In this example, hasPerm is used to check if the current user has a custom permission. However, if this permission is not defined in any profile or permission set, it can lead to unexpected behavior.

Steps to Mitigate the Issue

1. Audit Custom Permissions

Firstly, you need to audit all custom permissions within your org. This involves listing out every custom permission and verifying that it has been properly assigned:

// SOQL Query to List All Custom Permissions
SELECT Id, Name FROM PermissionSet WHERE Type = 'Custom';

2. Assign Custom Permissions

Next, ensure that each custom permission is explicitly defined in at least one profile or permission set. This step ensures that there are no hidden permissions causing security issues:

// Example SOQL Query to Assign a Custom Permission to a Profile
INSERT INTO PermissionSetAssignment (PermissionSetId, AssigneeId) VALUES ('0PS1234567890abcdef', '0051234567890abcdef');

3. Review SOQL Queries and Apex Code

Thoroughly review all SOQL queries and Apex code that check against custom permissions to ensure they are properly managed:

// Example of Proper Custom Permission Check in Apex
public class AccountAccessController {
    public Boolean hasPermission(Account acc) {
        return UserPermissions.CanAccessConfidentialData;
    }
}

4. Implement Monitoring

Use monitoring tools like the Org Scanner (https://orgscanner.dev/?utm_source=devto&utm_medium=content&utm_campaign=free_blitz) to continuously monitor for any unexpected custom permission usage:

// SOQL Query with Org Scanner Integration
SELECT Id, Name FROM PermissionSet WHERE Type = 'Custom' AND AssigneeId IN :UserPermissions.getAssignments();

Conclusion

The hidden permission bug is a critical issue that can compromise the security of your Salesforce org. By auditing custom permissions, ensuring proper definitions, reviewing SOQL queries and Apex code, and implementing monitoring tools like Org Scanner, you can mitigate this risk effectively.

Try the free scanner at https://orgscanner.dev/?utm_source=devto&utm_medium=content&utm_campaign=free_blitz

By taking these steps, you will not only enhance the security of your Salesforce org but also ensure that your data remains protected and compliant with organizational policies.