Find your content:

Search form

You are here

Why do we provide security access to apex classes


I have a visualforce page 'TestPage' which has access to all the profiles in my organization(say A,B and C). This page has a controller 'TestController'. This controller has access only to two profiles in my Org(say A and B). The controller looks like

public without sharing class TestController

But when I tried to login as a user with profile C and view the page, it is working fine and displaying the data that gets from the controller. But this profile C doesn't have access to the controller 'TestController'.

Can any one please explain what happens in this scenario?

Attribution to: Priyanka

Possible Suggestion/Solution #1

The reason for this is that giving a profile access to the page automatically grants access to any apex that the page relies on.

There's full details at:

Attribution to: Bob Buzzard

Possible Suggestion/Solution #2

Apex Class security doesn't matter in terms of loading a visualforce page. This comes into play if you're exposing the class as a webservice, to the ajax toolkit, and possibly javascript remoting.

Attribution to: Ralph Callaway
This content is remixed from stackoverflow or stackexchange. Please visit

My Block Status

My Block Content