How to Verify Custom Permissions in Visualforce Pages

Visualforce pages in Salesforce offer a robust platform for creating custom user interfaces, but ensuring secure access to sensitive information is paramount. One effective way to enhance security is by implementing custom permission checks in your Visualforce pages.

Scenario

Consider a financial institution using Salesforce to manage customer information. Within the organization, there is a need to restrict access to sensitive financial data for compliance and privacy reasons. The business wants to ensure that only authorized personnel, such as financial advisors and compliance officers, can view and update certain fields containing sensitive financial details in customer records.

Define Custom Permissions

In Salesforce Setup, custom permissions are created, such as "FSRK_ViewSensitiveData" and "FSRK_EditSensitiveData," representing the ability to view and edit sensitive financial information, respectively.

Assign Custom Permissions

These custom permissions are assigned to specific user profiles or permission sets. Financial advisors may have "FSRK_ViewSensitiveData," while compliance officers have both "FSRK_ViewSensitiveData" and "FSRK_EditSensitiveData."

Visualforce Page for Customer Details

A Visualforce page is designed to display and update customer details. The page includes sections with sensitive financial information that should be accessible only to users with the appropriate permissions.

Implement Custom Permission Checks

In the Visualforce controller, custom permission checks are implemented to control access to sensitive data. For example:

public with sharing class FSRK_CustomerDetailsController {
    public FSRK_Customer__c currentCustomer { get; set; }

    // Page action: load the first customer record, or create a sample one if none exists.
    public void init() {
        List<FSRK_Customer__c> customerList = [
            SELECT Id, Name, Email__c, SensitiveField1__c, SensitiveField2__c FROM FSRK_Customer__c LIMIT 1
        ];
        if (!customerList.isEmpty()) {
            currentCustomer = customerList.get(0);
        } else {
            currentCustomer = new FSRK_Customer__c();
            currentCustomer.Name = 'John Doe';
            currentCustomer.Email__c = 'j.doe@forceshark.com';
            currentCustomer.SensitiveField1__c = 'qwe';
            currentCustomer.SensitiveField2__c = 'rty';
            insert currentCustomer;
        }
    }

    // True only if the running user has the FSRK_EditSensitiveData custom permission
    // (through a profile or a permission set). Used by the page's rendered attributes.
    public Boolean canEditSensitiveData {
        get {
            return FeatureManagement.checkPermission('FSRK_EditSensitiveData');
        }
    }

    // Action method bound to the Save button.
    public void saveCustomerDetails() {
        update currentCustomer;
    }
}
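As an added example (not code from the Forceshark article), the following hypothetical controller, FSRK_SecureCustomerController, enforces the same two custom permissions on the server side as well. A rendered attribute only decides which markup is sent to the browser; it is the Apex that reads and writes the record that has to re-check the permission, so here the sensitive columns are left out of the SOQL query when the view permission is missing, and the update is refused before any DML when the edit permission is missing. The example assumes the page is opened with an id URL parameter identifying the FSRK_Customer__c record; the object, fields and permission names are the ones defined above.

```apex
// Added example, not part of the original article: server-side enforcement of the
// FSRK_ViewSensitiveData and FSRK_EditSensitiveData custom permissions.
public with sharing class FSRK_SecureCustomerController {
    public FSRK_Customer__c currentCustomer { get; set; }

    // Evaluated once per request so the page markup and the action methods agree.
    public Boolean canViewSensitiveData { get; private set; }
    public Boolean canEditSensitiveData { get; private set; }

    public FSRK_SecureCustomerController() {
        canViewSensitiveData = FeatureManagement.checkPermission('FSRK_ViewSensitiveData');
        // Editing implies viewing: a user holding only the edit permission must not be
        // shown, through the edit form, fields that the view permission would hide.
        canEditSensitiveData = canViewSensitiveData
            && FeatureManagement.checkPermission('FSRK_EditSensitiveData');
    }

    // Page action. Only the fields the caller may see are queried, so sensitive values
    // never reach the view state that is serialized to the browser.
    public void init() {
        // Assumption: the record to show is passed as ?id=<FSRK_Customer__c Id>.
        String customerId = ApexPages.currentPage().getParameters().get('id');
        if (String.isBlank(customerId)) {
            ApexPages.addMessage(new ApexPages.Message(ApexPages.Severity.ERROR,
                'No customer specified.'));
            return;
        }
        List<FSRK_Customer__c> customers;
        if (canViewSensitiveData) {
            customers = [SELECT Id, Name, Email__c, SensitiveField1__c, SensitiveField2__c
                         FROM FSRK_Customer__c WHERE Id = :customerId LIMIT 1];
        } else {
            customers = [SELECT Id, Name, Email__c
                         FROM FSRK_Customer__c WHERE Id = :customerId LIMIT 1];
        }
        if (customers.isEmpty()) {
            ApexPages.addMessage(new ApexPages.Message(ApexPages.Severity.ERROR,
                'Customer not found or not accessible.'));
            return;
        }
        currentCustomer = customers.get(0);
    }

    // Action method bound to the Save button. The permission is re-checked here
    // because a button that is merely not rendered is not an access control.
    public PageReference saveCustomerDetails() {
        if (!canEditSensitiveData) {
            ApexPages.addMessage(new ApexPages.Message(ApexPages.Severity.ERROR,
                'You do not have permission to edit sensitive financial data.'));
            return null;
        }
        try {
            update currentCustomer;
            ApexPages.addMessage(new ApexPages.Message(ApexPages.Severity.CONFIRM,
                'Customer details saved.'));
        } catch (DmlException e) {
            // Surface field-level security or validation failures to the page.
            ApexPages.addMessages(e);
        }
        return null;
    }
}
```

The page markup from the article can use this controller unchanged apart from the controller name, binding the view section to {!canViewSensitiveData} and the edit section and Save button to {!canEditSensitiveData}; an apex:pageMessages component is needed to show the error messages the action methods add.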

Conditional Rendering in Visualforce

Sections displaying sensitive financial information are conditionally rendered based on the user's custom permissions. If a user lacks the required permission, the corresponding section is hidden or displayed as read-only.

<apex:page id="FSRK_CustomerDetails" controller="FSRK_CustomerDetailsController" action="{!init}">
    <apex:form>
        <!-- Header Section -->
        <apex:pageBlock title="Customer Details">

            <!-- General Information -->
            <apex:pageBlockSection title="General Information">
                <apex:outputField value="{!currentCustomer.Name}" />
                <apex:outputField value="{!currentCustomer.Email__c}" />
                <!-- Add other non-sensitive fields as needed -->
            </apex:pageBlockSection>

            <!-- Sensitive Financial Information - Display Only -->
            <!-- Custom permission can be checked using the expression
                 {!$Permission.FSRK_ViewSensitiveData} without a controller. -->
            <apex:outputPanel rendered="{!$Permission.FSRK_ViewSensitiveData}">
                <apex:pageBlockSection title="Sensitive Financial Information">
                    <apex:outputField value="{!currentCustomer.SensitiveField1__c}" />
                    <apex:outputField value="{!currentCustomer.SensitiveField2__c}" />
                </apex:pageBlockSection>
            </apex:outputPanel>

            <!-- Sensitive Financial Information - Editable -->
            <!-- Custom permission can be checked using a controller -->
            <apex:pageBlockSection title="Edit Sensitive Financial Information" rendered="{!canEditSensitiveData}">
                <apex:inputField value="{!currentCustomer.SensitiveField1__c}" />
                <apex:inputField value="{!currentCustomer.SensitiveField2__c}" />
            </apex:pageBlockSection>

            <!-- Save Button (Rendered only for users with edit permission) -->
            <apex:commandButton value="Save" action="{!saveCustomerDetails}" rendered="{!canEditSensitiveData}" />

        </apex:pageBlock>
    </apex:form>
</apex:page>

Please note that the example illustrates two methods for checking the presence of custom permissions:

  • Custom permission can be checked using the expression {!$Permission.FSRK_ViewSensitiveData} without a controller.
  • Custom permission can be checked from the Apex controller using FeatureManagement.checkPermission('FSRK_EditSensitiveData').

User Experience

Financial advisors can view sensitive financial data but are restricted from making edits. Compliance officers, with the necessary permissions, can both view and edit these fields. Other users, lacking the view permission, won't even see the sensitive information sections.

Conclusion

By combining custom permissions with Visualforce pages, the financial institution establishes a controlled access mechanism for sensitive customer data. This ensures compliance with privacy regulations while allowing authorized personnel to efficiently manage and update the necessary financial details within Salesforce.