PDI Question #82: Real Exam Question with Answer & Explanation

Question

A developer is creating a Lightning web component to showa list of sales records. The Sales Representative user should be able to see the commission field on each record. The Sales Assistant user should be able to see all fields on the record except the commission field. How should this be enforced so that the component works for both users without showing any errors?

Options

• AUse WITH SECURITY_ENFORCED in the SOQL that fetches the data for the component.
• BUse Security. stripInaccessible to remove fields inaccessible to the current user.
• CUse Lightning Data Service to get the collection of sales records.
• DUse Lightning Locker Service to enforce sharing rules and field-level security.

Explanation

To handle varying field-level security for different users within a Lightning Web Component, the developer should use Security.stripInaccessible to dynamically remove fields that the current user cannot access.

Common mistakes.

• A. WITH SECURITY_ENFORCED in SOQL enforces object and field-level security at the query level, throwing an error if the user lacks access to an object or field, rather than dynamically stripping inaccessible fields for display, which would cause errors for the Sales Assistant user.
• C. Lightning Data Service handles data operations but does not automatically enforce field-level security in a way that gracefully removes inaccessible fields for display without throwing errors if the component tries to render them.
• D. Lightning Locker Service enforces security for JavaScript code isolation and secure access to browser resources within Lightning components; it does not directly enforce or dynamically strip field-level security for data retrieved from Apex.

Concept tested. Field-Level Security in Apex and LWC

Reference. https://developer.salesforce.com/docs/atlas.en-us.apexref.meta/apexref/apex_class_Security.htm#apex_Security_stripInaccessible

No community discussion yet for this question.