Stratus Cloud Solutions Stratus Docs
Documentation / Financial Planner User Guide / Advanced Reference
Page 22 of 23

Security and Platform Limits

Security and Platform Limits

Financial Planner follows AppExchange security expectations: user-mode data access, field-level stripping at boundaries, and least-privilege permission sets.

CRUD and FLS

  • Subscriber-facing SOQL uses WITH USER_MODE where applicable.
  • UI payloads pass through Security.stripInaccessible or FinPlan_SecurityUtil.stripInaccessible.
  • User-scoped DML uses Database.insert/update(..., AccessLevel.USER_MODE).

If charts or inputs appear empty for some users but not others, suspect field-level security on projection or input objects before assuming an orchestration bug.

Permission model

Layer Mechanism
Package permission sets FinPlan_User, FinPlan_Admin
Custom permissions Clear_Financial_Plan_Input_Data for destructive clear UI
Record sharing Standard Financial Plan sharing plus org sharing rules

Logging and data exposure

  • No credentials, tokens, or full projection JSON in System.debug on subscriber paths.
  • User-facing Apex throws AuraHandledException with safe messages—not stack traces.
  • Observability custom metadata gates diagnostic verbosity for admins.

Governor and scale limits

Concern Behavior
Long calculations Chunked queueable chains; may take minutes on very large plans
Async queue depth Org-wide queueable limits can delay starts—monitor Setup → Apex Jobs
Platform Cache Optional; 2 MB partition per org defaults—fallback when unavailable
Monte Carlo Separate chunked jobs; additional async consumption
Export/import Large plans produce large CSVs—browser download limits apply

External connectivity

Normal operation requires no outbound HTTP callouts, named credentials, or remote site settings. All business logic executes in Apex within the subscriber org.

PMD and Code Analyzer expectations

Packaged releases run Salesforce Code Analyzer with AppExchange and security rule sets. Unexplained ApexCRUDViolation suppressions are avoided on outward-facing services. Install/uninstall handlers follow packaged patterns documented in app-exchange-readiness materials.

Related: Permissions and Setup, Platform Administration.