Batch job - add the read permissions to the managed fields
Salesforce allows developers and administrators to control access to data at the field level. Field-level security (FLS) allows administrators to define the profiles that can see and write to most fields of standard and custom objects. As part of the security review, Salesforce has recommended adding field-level security to all the queries.
To ensure that field-level securities are added, Q2 Origination has added the WITH SECURITY_ENFORCED keyword to all the static queries.
This keyword enables Salesforce to validate if fields and objects being queried are read accessible by the user who is performing an action. If not accessible, then it displays the following error message: Insufficient permissions and action is terminated.
For example, after adding the WITH SECURITY_ENFORCED keyword, when you run a process such as a job or an API, and if certain fields do not have the read access granted to the profile in which these processes are running, then the process fails with an error messages stating, Inaccessible field being queried.
With the April 2024 release, users can now execute the MarkFieldsAccessibleJob to provide permission to all the fields to the passed profile id or permission set.
Prerequisites
None.
Steps
To add the read permissions to the managed fields, perform the following steps:
Log in to your Salesforce account.
Go to Developer Console > Debug > Open Execute Anonymous window.
Run the following script by passing the profile ID/permission set ID:
ScriptGenesis.MarkFieldsAccessibleJob job = new genesis.MarkFieldsAccessibleJob(profileId/permissionsetid); //where profileId/permissionsetid is of Id type
Database.executeBatch(job);