Winter 21 – Restrict Access to @AuraEnabled Apex Methods for Authenticated Users

As the security concerns, we have now the critical updates and its enforced to activated part of Winter 21 Release.

So Admin or Developer to review the critical updates and make sure to enable the @AuraEnabled Apex Methods to relevant Profiles or Permission Set. Before Winter 21 Release a user doesn’t need permission to access an Apex class containing an @AuraEnabled method. As the  security concerns, its now added as a critical update so that a user can access an @AuraEnabled Apex method only when the user’s Profiles or Permission Set allows access to the Apex class. In Winter ’21, its updated automatically activated  the critical update for all salesforce orgs. This critical update enforces user profile restrictions for Apex classes used by Aura Components and Lightning Web Components.

Error in Console:

If you not activated @AuraEnabled Apex Methods to relevant Profiles or Permission Set level then you will received the error in the Aura Components or Lightning Web Components.

Actions Points:-

  • Analyze the changes and identify the list of users who will be affected by the critical updates  (Search your apex class with contains the @AuraEnabled method either from Developer Console or Your favorite IDE and identify the list of Apex Class)
  • Add or Remove the Apex Class from Profile Level (Under the Enabled Apex Class Access Sections)
  • Add or Remove the Apex Class from Permission Set Level (Under Apps -> Apex Class Access Sections)
  • Or Install with AuraEnabled Scanner tool and update the Apex Class to Profiles and Permission Set for the necessary @AuraEnabled Apex Methods

Please Refer the below video to explained the use case with example and also provided the steps to install the AuraEnabled Scanner tool and update the Apex Class to Profiles and Permission Set for the necessary @AuraEnabled Apex Methods.

 

Salesforce Winter 21 Release Date + Preview Information from Salesforce

Reference:-

Release Updates: Enforcement for Profile-Based Access for @AuraEnabled Apex Classes, and More – https://releasenotes.docs.salesforce.com/en-us/winter21/release-notes/rn_lc_crucs.htm
AuraEnabled Scanner Tool – https://admin.salesforce.com/blog/2020/critical-update-ensure-users-have-access-to-auraenabled-methods
Winter 21 Pre-Release Org Signup – https://www.salesforce.com/form/signup/prerelease-winter21/
Get Ready for the Winter ’21 Release – https://developer.salesforce.com/blogs/2020/08/get-ready-for-the-winter-21-release.html

Written by 

Salesforce MVP | Lightning Champion | 17x Salesforce Certified | Application Architect | 7x Trailhead Ranger | Techforce Services | Australia

Leave a Reply

Your email address will not be published. Required fields are marked *

*