
Use cases addressed with Apex/Lightning component

Use case - A Lightning component lists product information, including the maximum discount allowed for each product. This field should be available only to Sales Managers and not to Sales Reps.


Solution:

Use the Security.stripInaccessible method in Apex. It returns the same list of records for every user but strips the fields that the running user cannot access.


public class ProductManager {

    // Exposed to the Lightning component
    @AuraEnabled
    public static List<Product2> getProducts() {

        List<Product2> allProducts = [SELECT Name, Max_Dis_Allowed__c FROM Product2];

        // Check which fields are readable, and remove the ones that are not
        SObjectAccessDecision readPrdts = Security.stripInaccessible(AccessType.READABLE, allProducts);

        // Return the records minus the stripped fields
        return (List<Product2>) readPrdts.getRecords();
    }
}


Use case - A Lightning component displays opportunity records and the deal size field. The Lightning component should be visible to all users, but the deal size field should be visible only to users with the profile 'Manager'.


Solution:

Set the field-level security of the deal size field so that it is visible only to the Manager profile.

In the server-side controller, the SOQL query should be written as follows:

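public class OppManager {

    // Exposed to the Lightning component
    @AuraEnabled
    public static List<Opportunity> getDeals() {
        // WITH SECURITY_ENFORCED checks object- and field-level read access.
        // The query throws a System.QueryException if the running user
        // cannot read one of the queried fields.
        return [SELECT Name, Deal__c FROM Opportunity WITH SECURITY_ENFORCED];
    }
}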
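Because the security-enforced query above fails with an exception for a user who cannot read the deal size field, a component shown to all users needs to handle that case. The following is an added example, not code from the original post: it applies the stripInaccessible approach from the first use case to the opportunity list and tells the component whether the field was withheld. The names DealListController, DealList and dealSizeHidden are hypothetical.

```apex
// Added example. Class, wrapper and property names are assumptions.
// "with sharing" enforces record-level sharing; field-level security
// is handled separately by stripInaccessible below.
public with sharing class DealListController {

    // Wrapper returned to the component: the records plus a flag
    // saying whether Deal__c was removed for the running user.
    public class DealList {
        @AuraEnabled public List<Opportunity> records;
        @AuraEnabled public Boolean dealSizeHidden;
    }

    @AuraEnabled(cacheable=true)
    public static DealList getDeals() {
        // Query without WITH SECURITY_ENFORCED so that users without
        // access to Deal__c still get the rest of the row.
        List<Opportunity> queried = [SELECT Name, Deal__c FROM Opportunity];

        // Remove every field the running user is not allowed to read.
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, queried);

        DealList result = new DealList();
        result.records = (List<Opportunity>) decision.getRecords();
        result.dealSizeHidden = false;

        // getRemovedFields() maps an object name to the field names
        // that were stripped from records of that object.
        Set<String> removed = decision.getRemovedFields().get('Opportunity');
        if (removed != null) {
            for (String fieldName : removed) {
                if (fieldName.equalsIgnoreCase('Deal__c')) {
                    result.dealSizeHidden = true;
                }
            }
        }
        return result;
    }
}
```

Apex code that runs after the strip should check dealSizeHidden (or isSet on the record) before reading Deal__c, since a stripped field is no longer populated on the returned records.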


©2020 by SalesforceDemystified. Proudly created with Wix.com
