Security and Platform Limits
Security and Platform Limits
Financial Planner follows AppExchange security expectations: user-mode data access, field-level stripping at boundaries, and least-privilege permission sets.
CRUD and FLS
- Subscriber-facing SOQL uses
WITH USER_MODEwhere applicable. -
UI payloads pass through
Security.stripInaccessibleorFinPlan_SecurityUtil.stripInaccessible. - User-scoped DML uses
Database.insert/update(..., AccessLevel.USER_MODE).
If charts or inputs appear empty for some users but not others, suspect field-level security on projection or input objects before assuming an orchestration bug.
Permission model
| Layer | Mechanism |
|---|---|
| Package permission sets | FinPlan_User, FinPlan_Admin |
| Custom permissions | Clear_Financial_Plan_Input_Data for destructive clear UI |
| Record sharing | Standard Financial Plan sharing plus org sharing rules |
Logging and data exposure
- No credentials, tokens, or full projection JSON in
System.debugon subscriber paths. - User-facing Apex throws
AuraHandledExceptionwith safe messages—not stack traces. - Observability custom metadata gates diagnostic verbosity for admins.
Governor and scale limits
| Concern | Behavior |
|---|---|
| Long calculations | Chunked queueable chains; may take minutes on very large plans |
| Async queue depth | Org-wide queueable limits can delay starts—monitor Setup → Apex Jobs |
| Platform Cache | Optional; 2 MB partition per org defaults—fallback when unavailable |
| Monte Carlo | Separate chunked jobs; additional async consumption |
| Export/import | Large plans produce large CSVs—browser download limits apply |
External connectivity
Normal operation requires no outbound HTTP callouts, named credentials, or remote site settings. All business logic executes in Apex within the subscriber org.
PMD and Code Analyzer expectations
Packaged releases run Salesforce Code Analyzer with AppExchange and security rule sets. Unexplained
ApexCRUDViolation suppressions are avoided on outward-facing services. Install/uninstall handlers
follow packaged patterns documented in app-exchange-readiness materials.
Related: Permissions and Setup, Platform Administration.