Winter ’21 is just around the corner and will include a critical update that could impact any page leveraging a custom component. As a Salesforce Admin, you’ve probably noticed this alert in your Security Alerts (Setup | Security | Security Alerts) and might have overlooked this. But because it involves permissions and user management, we want to make sure you can take action.
This update will be automatically enforced with Winter ’21 and steps should be completed by August 8, 2020.
What’s changing?
Currently, a user doesn’t need permission to access an Apex class containing an @AuraEnabled method. Following the “secure by default” approach, we added a critical update so that a user can access an @AuraEnabled Apex method only when the user’s profile allows access to the Apex class. In Winter ’21, we’ll automatically activate the critical update for all orgs. This critical update enforces user profile restrictions
Leave a Reply