Winter 21 – Restrict Access to @AuraEnabled Apex Methods for Authenticated Users
As the security concerns, we have now the critical updates and its enforced to activated part of Winter 21 Release.
So Admin or Developer to review the critical updates and make sure to enable the @AuraEnabled Apex Methods to relevant Profiles or Permission Set. Before Winter 21 Release a user doesn’t need permission to access an Apex class containing an @AuraEnabled method. As the security concerns, its now added as a critical update so that a user can access an @AuraEnabled Apex method only when the user’s Profiles or Permission Set allows access to the Apex class. In Winter ’21, its updated automatically activated the critical update for all salesforce orgs. This critical update enforces user profile restrictions for Apex classes used by Aura Components and Lightning Web Components.
Error in Console:
If you not activated @AuraEnabled Apex Methods to relevant Profiles or Permission Set level then you will received the error in the Aura Components or Lightning Web Components.
- Analyze the changes and identify the list of users who will be affected by the critical updates (Search your apex class with contains the @AuraEnabled method either from Developer Console or Your favorite IDE and identify the list of Apex Class)
- Add or Remove the Apex Class from Profile Level (Under the Enabled Apex Class Access Sections)
- Add or Remove the Apex Class from Permission Set Level (Under Apps -> Apex Class Access Sections)
- Or Install with AuraEnabled Scanner tool and update the Apex Class to Profiles and Permission Set for the necessary @AuraEnabled Apex Methods
Please Refer the below video to explained the use case with example and also provided the steps to install the AuraEnabled Scanner tool and update the Apex Class to Profiles and Permission Set for the necessary @AuraEnabled Apex Methods.
Release Updates: Enforcement for Profile-Based Access for @AuraEnabled Apex Classes, and More – https://releasenotes.docs.salesforce.com/en-us/winter21/release-notes/rn_lc_crucs.htm
AuraEnabled Scanner Tool – https://admin.salesforce.com/blog/2020/critical-update-ensure-users-have-access-to-auraenabled-methods
Winter 21 Pre-Release Org Signup – https://www.salesforce.com/form/signup/prerelease-winter21/
Get Ready for the Winter ’21 Release – https://developer.salesforce.com/blogs/2020/08/get-ready-for-the-winter-21-release.html