- Critical Updates and Security Alerts
- Enable ICU (International Components for Unicode) Locale Formats (Critical Update)
- Restrict Access to @AuraEnabled Apex Methods for Guest and Portal Users Based on User Profile
- Restrict Access to @AuraEnabled Apex Methods for Authenticated Users Based on User Profile
- Use with sharing for @AuraEnabled Apex Controllers with Implicit Sharing
- Enforce Access Modifiers on Apex Properties in Lightning Component Markup
- Enable Partial Save for Invocable Actions
Restrict Access to @AuraEnabled Apex Methods for Guest and Portal Users Based on User Profile
A guest, portal, or community user can access an @AuraEnabled Apex method only when the user’s profile allows access to the Apex class. This critical update enforces user profile restrictions for Apex classes used by Aura and Lightning web components.
Restrict Access to @AuraEnabled Apex Methods for Authenticated Users Based on User Profile
An authenticated user can access an @AuraEnabled Apex method only when the user’s profile allows access to the Apex class. This critical update enforces user profile restrictions for Apex classes used by Aura and Lightning web components.
Use with sharing for @AuraEnabled Apex Controllers with Implicit Sharing
This critical update changes the behavior of @AuraEnabled Apex controllers that don’t specify with sharing or without sharing to default to with sharing.
Note: This critical update applies only to orgs created after Spring ’18 or orgs that activated the retired “Use without sharing for @AuraEnabled Apex Controllers with Implicit Sharing” critical update that had the opposite effect and set the default to without sharing.
Enforce Access Modifiers on Apex Properties in Lightning Component Markup
This critical update makes Lightning components consistent with the usage of Apex properties in other contexts. For example, a markup expression can no longer access an Apex property with a private Apex getter.
Example:
Issue:
@AuraEnabled
public Integer counter { private get; set; } // a protected getter is blocked the same way
An Aura component or LWC can’t access the private or protected getter.
Fix:
@AuraEnabled
public Integer counter { get; set; }
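To find code affected by the implicit-sharing and access-modifier updates described above, the following added example (not Salesforce tooling and not code from the original post) scans Apex class source for @AuraEnabled controllers with no sharing keyword and for @AuraEnabled properties with a private or protected getter. The function name, rule names and sample classes are constructed for illustration; it checks only the outer class and strips comments naively.

```python
import re

COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
CLASS_DECL = re.compile(r"\bclass\s+(\w+)", re.I)
SHARING = re.compile(r"\b(with|without|inherited)\s+sharing\b", re.I)
AURA = re.compile(r"@AuraEnabled\b", re.I)
# @AuraEnabled property whose getter is narrowed to private or protected.
RESTRICTED_GET = re.compile(
    r"@AuraEnabled\s+[^;{}()]*?\b(\w+)\s*\{[^{}]*?\b(private|protected)\s+get\b",
    re.I)

# Constructed sample sources, not taken from any real org.
IMPLICIT = """
public class CounterController {
    @AuraEnabled
    public Integer counter { private get; set; }

    @AuraEnabled
    public static List<Account> recent() {
        return [SELECT Id, Name FROM Account LIMIT 10];
    }
}
"""
EXPLICIT = """
public with sharing class SafeCounterController {
    @AuraEnabled
    public Integer counter { get; set; }
}
"""

def audit_apex(source):
    """Return (class, rule, detail) findings for one Apex class file."""
    code = COMMENTS.sub(" ", source)  # naive: ignores markers inside strings
    decl = CLASS_DECL.search(code)
    if not decl or not AURA.search(code):
        return []  # not an Aura/LWC controller, nothing to check
    name, findings = decl.group(1), []
    # Outer-class modifiers: text between the last ; { } and the word 'class'.
    modifiers = re.split(r"[;{}]", code[:decl.start()])[-1]
    if not SHARING.search(modifiers):
        findings.append((name, "implicit-sharing", "no sharing keyword on class"))
    for prop, access in RESTRICTED_GET.findall(code):
        findings.append((name, "restricted-getter", f"{prop}: {access.lower()} get"))
    return findings

if __name__ == "__main__":
    for finding in audit_apex(IMPLICIT) + audit_apex(EXPLICIT):
        print(finding)
```

Classes flagged as implicit-sharing are the ones whose behavior depends on the org default, so declaring the sharing keyword explicitly removes that dependency.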
Enable Partial Save for Invocable Actions
This critical update affects only external REST API calls that invoke actions in bulk. With this update, when invoking a set of actions in a single request, a single failed invocable action no longer causes the entire transaction to fail. Without this update, if a single invocable action fails, other invocable actions within the transaction are rolled back and the entire transaction fails.
Note: Most invocable action types that are invoked via REST API are enabled with the partial save functionality. However, even with this critical update, the following action types don’t support partial save functionality:
- Cancel Fulfillment Order
- Cancellation Orders
- Capture Funds
- Content Workspaces
- Create Fulfillment Order
- Create Invoice from Fulfillment Order
- Create Service Report
- External Services
- Generate Work Orders
- Invocable Apex
- Skills-based Routing
- Submit Digital Form Response
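With partial save, one bulk response can carry both successful and failed results, so a REST caller has to check every result instead of treating the request as all-or-nothing. The added example below (not from the original post) pairs each input with its result and builds a retry payload for the failures; the action name, inputs and response are constructed, and it assumes results come back in input order with the per-action fields actionName, isSuccess, errors and outputValues.

```python
import json

# Constructed inputs and response for a hypothetical action "exampleAction".
SAMPLE_INPUTS = [{"recordId": "A"}, {"recordId": "B"}, {"recordId": "C"}]
SAMPLE_RESPONSE = json.loads("""[
 {"actionName": "exampleAction", "isSuccess": true,
  "errors": null, "outputValues": null},
 {"actionName": "exampleAction", "isSuccess": false, "outputValues": null,
  "errors": [{"statusCode": "REQUIRED_FIELD_MISSING",
              "message": "Missing subject", "fields": []}]},
 {"actionName": "exampleAction", "isSuccess": true,
  "errors": null, "outputValues": null}
]""")

def reconcile(inputs, results):
    """Pair inputs with results; return (succeeded, failed, retry_payload)."""
    if len(inputs) != len(results):
        # Without a one-to-one mapping we cannot tell which input failed.
        raise ValueError("result count does not match input count")
    succeeded, failed = [], []
    for index, (item, result) in enumerate(zip(inputs, results)):
        if result.get("isSuccess") is True:
            succeeded.append(index)
            continue
        # A missing or null isSuccess is treated as a failure, not a success.
        errors = result.get("errors") or []
        codes = [e.get("statusCode", "UNKNOWN") for e in errors]
        failed.append({"index": index, "input": item, "codes": codes})
    # Only the failed inputs are resubmitted; the others were already saved.
    retry_payload = {"inputs": [f["input"] for f in failed]}
    return succeeded, failed, retry_payload

if __name__ == "__main__":
    ok, bad, retry = reconcile(SAMPLE_INPUTS, SAMPLE_RESPONSE)
    print("succeeded:", ok)
    print("failed:", bad)
    print("retry:", json.dumps(retry))
```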
New Security Alerts
Automatically Assign Records Created by Guest Users to a Default Owner (Security Alert)
Set up your org so that guest users are no longer automatically the owner of records they create. Instead, when a guest user creates a record, the record is assigned to a default active user in the org, who becomes the owner.
View All Users and Other Permissions Disabled in Guest User Profiles
Because guest users typically don’t need access to view all users in a Salesforce org, the View All Users permission has been disabled in guest user profiles. If you have an org created before Winter ’20, we recommend that you check guest user access and deselect the View All Users permission in all your guest user profiles. To enhance security, we also removed these permissions from the guest user profile: Can Approve Feed Post and Comments, Enable UI Tier Architecture, Remove People from Direct Messages, View Topics, and Send Non-Commercial Email.
Secure Guest Users’ Org-Wide Defaults and Sharing Model (Security Alert)
To increase the security of your Salesforce data, we’re enforcing private org-wide defaults for guest users. We’re also restricting the sharing mechanisms that you can use to grant record access to guest users. If you have an org created before Winter ’20, we recommend that you review the external org-wide defaults, public groups, queues, and manual sharing that you use to grant access to guest users. Then replace the access previously granted by these sharing mechanisms with guest user sharing rules before the security alert is enforced.
Community Nicknames (Security Alert)
Starting in Winter ’20, community nicknames are enabled by default for new communities and no longer based on user names.