I have a Visualforce page 'TestPage' which has access to all the profiles in my organization (say A, B and C). This page has a controller 'TestController'. This controller has access only to two profiles in my Org (say A and B). The controller looks like:
public without sharing class TestController
{
}
But when I tried to log in as a user with profile C and view the page, it is working fine and displaying the data that it gets from the controller. But this profile C doesn't have access to the controller 'TestController'.
Can anyone please explain what happens in this scenario?
Attribution to: Priyanka
Possible Suggestion/Solution #1
The reason for this is that giving a profile access to the page automatically grants access to any Apex that the page relies on.
There are full details at: https://na6.salesforce.com/help/doc/en/pages_page_level_security.htm
Attribution to: Bob Buzzard
Possible Suggestion/Solution #2
Apex class security doesn't matter in terms of loading a Visualforce page. This comes into play if you're exposing the class as a web service, to the AJAX Toolkit, and possibly JavaScript remoting.
Attribution to: Ralph Callaway
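Because page access is what decides whether the controller runs, a controller that must stay limited to profiles A and B has to check the caller itself. The Apex below is an added example, not code from the thread; the profile names 'A' and 'B', the Account query and the message text are assumptions.

```apex
// Added example, not from the original thread.
// 'without sharing' is kept from the question: it only switches off record
// sharing rules and has no bearing on which profiles may run the class.
public without sharing class TestController {

    // Assumption: the two permitted profiles are literally named 'A' and 'B',
    // mirroring the class-level security setting described in the question.
    private static final Set<String> ALLOWED_PROFILES = new Set<String>{ 'A', 'B' };

    public Boolean authorized { get; private set; }
    public List<Account> records { get; private set; }

    public TestController() {
        records = new List<Account>();
        authorized = isAllowed(UserInfo.getProfileId());

        if (!authorized) {
            // Profile C reaches this branch: the page loads, but no data is queried.
            ApexPages.addMessage(new ApexPages.Message(
                ApexPages.Severity.ERROR,
                'You are not permitted to view this data.'));
            return;
        }

        // Assumption: Account stands in for whatever the real page displays.
        records = [SELECT Id, Name FROM Account ORDER BY Name LIMIT 50];
    }

    // Resolves the running user's profile name and compares it to the allow-list.
    @TestVisible
    private static Boolean isAllowed(Id profileId) {
        List<Profile> profiles =
            [SELECT Name FROM Profile WHERE Id = :profileId LIMIT 1];
        return !profiles.isEmpty() && ALLOWED_PROFILES.contains(profiles[0].Name);
    }
}
```

The page can then render its data block only when `authorized` is true and show the message otherwise.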
This content is remixed from stackoverflow or stackexchange. Please visit https://salesforce.stackexchange.com/questions/3970