𝗬𝗼𝘂𝗿 𝗔𝗽𝗲𝘅 𝗠𝗶𝗴𝗵𝘁 𝗥𝗲𝘁𝘂𝗿𝗻 𝗙𝗲𝘄𝗲𝗿 𝗥𝗲𝗰𝗼𝗿𝗱𝘀 𝗶𝗻 𝗦𝘂𝗺𝗺𝗲𝗿 '𝟮𝟲
Salesforce Summer '26 (API v67.0) brings a major change to Apex. This change can alter your code results without throwing an error.
For years, Apex ran in system mode by default. This meant SOQL, SOSL, and DML ignored user permissions and sharing rules. Your code could show data to users who should not see it.
In API v67.0, the default flips. Database operations now run in user mode.
What changes in v67.0:
• SOQL, SOSL, and DML enforce user permissions and sharing rules by default. • Classes with no sharing declaration now default to "with sharing." • "WITH SECURITY_ENFORCED" is removed. You must use "WITH USER_MODE" instead. • Triggers always run in system mode.
This change is tied to the API version of your class. Your old classes stay the same until you upgrade them to 67.0. This lets you control the migration.
Watch out for these silent issues:
- Fewer records in queries: A query might return 40 rows instead of 500 because the user lacks access. This causes wrong totals and bad reports.
- Compilation errors: "WITH SECURITY_ENFORCED" will fail to compile on the new version.
- Integration failures: Integration users might lose access to data they need for automated jobs.
- Sharing changes: Classes that relied on no sharing declaration will now enforce sharing.
How to migrate safely:
- Inventory your code: Search for "WITH SECURITY_ENFORCED" and classes without sharing declarations.
- Test in a sandbox: Update high-risk classes like controllers and REST endpoints first.
- Use System.runAs(): Do not just trust passing tests. Test with restricted users to check data visibility.
- Be intentional: Only use "SYSTEM_MODE" or "without sharing" when you have a specific reason.
Making these changes now prevents silent production bugs later.
Optional learning community: https://t.me/GyaanSetuAi