While developing an Apex class with custom search functionality that will be launched from a Lightning Web Component, how can the developer ensure only records accessible to the currently logged in user are displayed?
A. Use the inherited sharing keyword.
B. Use the WITH SECURITY_ENFORCED clause within the SOQL.
C. Use the with sharing keyword.
D. Use the without sharing keyword.
Answer: C
Explanation:
To ensure that only records accessible to the currently logged-in user are displayed when developing an Apex class for custom search functionality launched from a Lightning Web Component (LWC), the developer should use the with sharing keyword.
with sharing Keyword: This keyword enforces the sharing rules of the current user, so the Apex class respects the user’s record-level access permissions and users can only access records they have permission to see.
"Use the with sharing keyword when declaring a class to enforce the sharing rules that apply to the current user."
― Apex Developer Guide: Using the with sharing or without sharing Keywords
Importance in LWCs: Lightning Web Components invoke Apex methods annotated with @AuraEnabled, which execute in system context by default. Without specifying sharing, these methods can access all records, potentially exposing data that the user shouldn’t see.
"By default, Apex code runs in system context; that is, the current user’s permissions and field-level security do not apply."
― Apex Developer Guide: Enforcing Sharing Rules
Why Not inherited sharing: inherited sharing lets an Apex class run in the sharing context of its caller. In this scenario the LWC does not have an inherent sharing context, so declaring with sharing explicitly ensures sharing rules are enforced.
WITH SECURITY_ENFORCED Clause: This SOQL clause enforces field-level security (FLS) and object-level security (OLS), not record-level sharing rules. Therefore, it does not restrict records based on the user’s sharing settings.
"The WITH SECURITY_ENFORCED clause applies object-level and field-level security checks to SOQL queries to ensure that users don’t see fields or objects they don’t have access to."
― SOQL and SOSL
Reference: WITH SECURITY_ENFORCED Clause
Conclusion: By declaring the Apex class with with sharing, the developer ensures that only records the user has access to are returned, aligning with the requirement.
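The split described above between record-level sharing (with sharing) and object/field-level checks (WITH SECURITY_ENFORCED), as an added Apex example that is not from the original page or the Apex Developer Guide. The class name AccountSearchController, the method searchAccounts, and the queried fields are assumptions chosen for illustration.

```apex
// Added example: hypothetical controller for an LWC search box.
// "with sharing" makes every query in this class honor the running
// user's record-level access (OWD, role hierarchy, sharing rules, manual shares).
public with sharing class AccountSearchController {

    // Callable from a Lightning Web Component via @wire or an imperative call.
    @AuraEnabled(cacheable=true)
    public static List<Account> searchAccounts(String searchTerm) {
        if (String.isBlank(searchTerm)) {
            return new List<Account>();
        }

        // Bind variable: user input never becomes part of the query text.
        String likeTerm = '%' + searchTerm.trim() + '%';

        try {
            // Rows returned: only Accounts shared with the running user
            // (because of "with sharing" on the class).
            // WITH SECURITY_ENFORCED: a separate check that throws if the
            // user lacks object or field access to anything in the query.
            // It does not filter rows by sharing.
            return [
                SELECT Id, Name, Industry
                FROM Account
                WHERE Name LIKE :likeTerm
                WITH SECURITY_ENFORCED
                ORDER BY Name
                LIMIT 50
            ];
        } catch (System.QueryException e) {
            // Surface a generic message to the component instead of
            // leaking which field or object was inaccessible.
            throw new AuraHandledException('Insufficient access to run this search.');
        }
    }
}
```

Removing with sharing from the class declaration while keeping WITH SECURITY_ENFORCED would still check object and field access, but the query could return records the user has no sharing access to.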