Which two features did the development team miss that are causing the problems?

Universal Containers (UC) uses a custom lightning component with an Apex class to display shipment information (custom object, private OWD).

UC sales managers are complaining about two important points:

● Shipment records that belong to their teams can be seen by other users.

● Shipment amount should be visible only to managers, but sales reps are able to view it.

Which two features did the development team miss that are causing the problems? Choose 2 answers.
A. Use runAs in test class to enforce user permissions and field-level permissions.
B. Use with sharing keyword in Apex classes to enforce sharing rules evaluation.
C. Use isSharable keyword in Apex classes to assure record visibility.
D. Use isAccessible() method in Apex classes to check field accessibility.

Answer: B,D

Explanation:

The development team missed two features that are causing the problems:

The with sharing keyword in Apex classes, to enforce sharing rules evaluation. With this keyword, the Apex class respects the organization's sharing rules as they apply to the current user. Without this keyword, the Apex class runs in system mode and ignores the sharing rules, which can result in unauthorized access to records that belong to other users. The keyword governs record visibility only; it does not enforce object or field permissions, which is why the second check is needed as well.

The isAccessible() method in Apex classes, to check field accessibility. This method returns true if the current user has read access to the specified field, and false otherwise. Without this check, the Apex class does not consult the field-level security settings and can display fields that should be hidden from the user, such as the shipment amount.
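The two gaps side by side, as an added example that is not code from the original question: the object name Shipment__c, the field Amount__c and both class names are assumptions chosen to match the scenario.

```apex
// BEFORE (each class would live in its own file): the controller as the
// scenario describes it, with no sharing keyword and no field-level check.
public class ShipmentControllerBefore {
    @AuraEnabled(cacheable=true)
    public static List<Shipment__c> getShipments() {
        // Returns every row the query matches and always includes the amount.
        return [SELECT Id, Name, Amount__c FROM Shipment__c];
    }
}

// AFTER: "with sharing" restricts rows to those shared with the running user
// (private OWD plus sharing rules); isAccessible() gates the sensitive field.
public with sharing class ShipmentController {
    @AuraEnabled(cacheable=true)
    public static List<Shipment__c> getShipments() {
        // Object-level read permission: fail closed if the user lacks it.
        if (!Schema.sObjectType.Shipment__c.isAccessible()) {
            throw new AuraHandledException('No read access to shipments.');
        }

        // Build the field list from constants only, so the dynamic SOQL
        // below never contains user-supplied text.
        List<String> fields = new List<String>{ 'Id', 'Name' };

        // Field-level security: select Amount__c only when the running
        // user's profile or permission sets grant read access to it.
        if (Schema.sObjectType.Shipment__c.fields.Amount__c.isAccessible()) {
            fields.add('Amount__c');
        }

        String soql = 'SELECT ' + String.join(fields, ', ')
            + ' FROM Shipment__c ORDER BY Name LIMIT 200';
        return (List<Shipment__c>) Database.query(soql);
    }
}
```

A sales rep calling the second controller gets only the shipments shared with them, and the returned records carry no Amount__c value unless field-level security allows it.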

