ExamTopics Logo
Mail Us[email protected]
Menu
Salesforce Discussions
exam questions

Exam CRT-450 All Questions

View all questions & answers for the CRT-450 exam
Go to Exam

Exam CRT-450 topic 1 question 58 discussion

Actual exam question from Salesforce's CRT-450
Question #: 58
Topic #: 1
[All CRT-450 Questions]

A developer needs to create a Visualforce page that displays Case data. The page will be used by both support reps and support managers. The Support Rep profile does not allow visibility of the Customer_Satisfaction__c field, but the Support Manager profile does.
How can the developer create the page to enforce Field Level Security and keep future maintenance to a minimum?

  • A. Create one Visualforce Page for use by both profiles.
  • B. Use a new Support Manager permission set.
  • C. Create a separate Visualforce Page for each profile.
  • D. Use a custom controller that has the with sharing keywords.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Arentalon at Aug. 19, 2021, 4:02 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Arentalon
Highly Voted 2 years, 4 months ago
With sharing keywords are used to configure sharing settings, not field settings. So in my opinion it should be A.
upvoted 8 times
...
BarbBarb
Highly Voted 2 years ago
Selected Answer: A
Sharing has nothing to do with field level security so D is not correct. Based on developer.salesforce.com/wiki/enforcing_crud_and_fls When rendering VisualForce pages, the platform will automatically enforce CRUD and FLS when the developer references SObjects and SObject fields directly in the VisualForce page. Therefore all that's needed is to create one visualforce component and it will automatically handle the field visibility
upvoted 7 times
...
XSOBYX
Most Recent 7 months, 3 weeks ago
D is the correct option::Custom controllers and controller extension classes execute in system mode, so they ignore user permissions and field-level security. However, you can choose whether they respect a user's organization-wide defaults, role hierarchy, and sharing rules by using the with sharing keywords in the class definition. For information, see “Using the with sharing, without sharing, and inherited sharing Keywords” in the Apex Developer Guide.
upvoted 1 times
XSOBYX
7 months, 3 weeks ago
My bad ..D is incorrect because the custom controller provided record-level security but not field-level.
upvoted 3 times
...
...
Xx_Panda_xX
1 year ago
Selected Answer: A
Sharing has nothing to do with field level security so D is not correct. Based on developer.salesforce.com/wiki/enforcing_crud_and_fls When rendering VisualForce pages, the platform will automatically enforce CRUD and FLS when the developer references SObjects and SObject fields directly in the VisualForce page. Therefore all that's needed is to create one visualforce component and it will automatically handle the field visibility
upvoted 1 times
...
ApexMike
1 year, 3 months ago
A is correct. Custom Controller does not respect object permission or record access. https://developer.salesforce.com/docs/atlas.en-us.pages.meta/pages/pages_controller_def.htm
upvoted 1 times
...
noox
1 year, 11 months ago
Selected Answer: A
VF page handle field visility by default
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel