Saturday, April 25, 2015

Recursive Process with Autolaunched Flow

In the old days of Salesforce, if a workflow field update occurred during a DML operation, the before and after triggers would for that object would execute a second time. But in the new world of Process Builder with autolaunched flows, how does the order of operations play out?

The Spring '15 documentation seems to imply that processes only fire once. The reason I say this is there is no corresponding explanation for processes in the same vein as the explicit explanation (shown below) for how a workflow rule can cause triggers to fire again.

As with many things in Salesforce, I like to trust and verify. And I found that Process Builder processes actually can cause triggers and the process itself to execute up to five (5) more times. I couldn't find this documented anywhere, but that seems to be the de facto limit on process recursion.

The proof

To prove this to myself, I decided to stage a manual test based on the following constructs:
  • A custom object named TriggerEvent__c exists as a child to the Account object
  • An Account trigger exists to create a TriggerEvent__c record before update
  • A process exists that launches a flow, which increments the Num Employees value by one if Num Employees is not blank

Under this setup, when I updated an account and entered 100 for Num Employees, I actually ended up with 106 for Num Employees and six new child TriggerEvent__c records.

update vs. undelete in Apex Triggers

Based on the Implementing Triggers training module, there are only four DML operations for which triggers can be executed: insert, update, delete and undelete. But, when an undelete operation occurs, does that also count as an update operation, whereby the sObject.IsDeleted value is toggled?

To settle the matter for my own benefit, I create an Apex test to validate my assumptions. What I learned and confirmed were the following:

  • Only one of Trigger.isUpdate, Trigger.isDelete and Trigger.isUndelete will ever be true during trigger execution. This means that the three operations are indeed distinct and constitute different trigger contexts.
  • The ALL ROWS keyword is required to retrieve soft-deleted records that are in the Recycle Bin

Below are the trigger and its test class I used.



Monday, April 20, 2015

Salesforce Limits All Developers Should Know

As I was going through the Object-Oriented Programming in Apex training module, the section on "Limit Methods" reminded me that out of the myriad limits detailed in Salesforce Limits Quick Reference Guide, there are some that are more important than others. Which ones? How about the ones that have their own Limits methods...

To that end I went through the exercise myself and compiled a list of the Limits methods and what the respective limits are, using the helpful resources below.

This was a great learning experience for me, as I discovered many old limits have been deprecated, especially the ones previously affecting describe methods! It was also interesting to note that there is no limit on callouts per 24-hour period, or at least none that I could find.

Surprises with and without sharing in Apex

I'll admit that I never dug too deep into the with sharing and without sharing keywords. At a high level I felt that if I want to enforce security and visibility, I should use with sharing. Otherwise I should use without sharing, which I also assumed was the default.

The Object-Oriented Programming in Apex training module surprised me by telling me that CRUD permissions and field-level security ("FLS") are ignored both with sharing and without sharing! Also, system mode simply means that record-level read and edit privileges are ignored, since CRUD and FLS are always ignored.

This is contrary to what I'd inferred from the Apex Code Developer's Guide, which writes, "In system context, Apex code has access to all objects and fields— object permissions, field-level security, sharing rules aren’t applied for the current user." My interpretation of this statement was that on the flip side, when with sharing is applied, "object permissions, field-level security, sharing rules" would all be applied for the current user.

It was a bit hard for me to believe that Apex would not respect CRUD (if not FLS) permissions, so I created a Visualforce page to test this in my org. And it seemed to me that indeed, an Apex controller created using the with sharing keyword would allow a user without the Delete object permission to delete a record. Crazy... am I missing something?

Well! What's more interesting was that with a standard controller, CRUD permissions are always observed with actions like delete(), regardless of whether an extension class is defined with sharing or without sharing. For example, a button that invoked the StandardController.delete() action would automatically be hidden if a user didn't have the Delete object permission. Furthermore, if a custom action in the extension class invoked the standard controller's action, the custom action would also be subject to the user's CRUD permission, generating an "insufficient privileges" error.

So, I guess the way to enforce CRUD is to use standard controllers, which I don't think is always feasible, especially with mass actions.

Sunday, April 19, 2015

Alternative to DEV-501 Modules in CTA Study Guide

When planning my CTA studies, I didn't realize that the "Apex" and "Visualforce Controllers" modules mentioned in the Study Guide are actually courses in Spring '15, not modules. The Apex course is 331 mins, and the Visualforce Controllers course is 172 mins. Together that's over 8 hours of material to cover.

So, instead of going through both courses in full, since there seem to be several basic modules that I'm going to guess that really won't be useful for me, I'm going to revise my plans to cover just a few modules from each course.

From the Apex course:

  • Data Types and Logic
  • Object-Oriented Programming in Apex
  • Implementing Triggers
  • Working with Web Services
  • Receiving and Sending Emails Through Apex
  • Advanced Topics

From the Visualforce Controllers course:

  • Visualforce Controller Extensions and Custom Controllers
  • Further Visualforce Controller Topics

Another problem with the study guide is that there is no Managing Development Lifecycle module, or at least not one that I could find in the training catalog. In this cases I'm going to replace this "module" with simply reading through's official Development Lifecycle Guide.

Friday, April 17, 2015

Exchange Sync (Beta) Resources in Spring '15

It's been a bit hard to find all of the official resources on Exchange Sync (Beta), so I've put together a list of the resources below that I've encountered. Please add comments to share any more that you've found.

Wednesday, April 15, 2015

Salesforce Security & Visibility Design Considerations

I felt compelled to create a Salesforce Security & Visibility Design Considerations matrix to synthesize and expand on the information presented in the Design Considerations training module, part of the Building Applications with - Part 1 course. We already have a similar template internally in my company, but creating one from scratch and adding to it on my own feels like a good way to internalize the knowledge.

The matrix focuses on two aspects: object security and record visibility. Specifically, who has permissions to do what with each object, and who can see what records in each object.

To control the "doing", the most straightforward way is to use object permissions with profiles and permission sets. However, it is conceivable that less admin-friendly and user-friendly options can be used to prevent certain operations. Below are a couple of examples:

  • A validation rule can be used to prevent editing closed opportunities
  • A Process Builder process could fire an autolaunched flow that reaches a fault condition, causing the create or edit operation to fail. Although I doubt anyone would do this right now, not only because it's cumbersome to implement but also because the error presentation in Spring '15 is not very pretty.
  • An Apex trigger can be used to add errors to a record, thereby preventing the create, edit or delete operation

To control the "seeing" of records, the only practical means are to use the role hierarchy, teams (where applicable) and sharing rules. However, I do want to point out one technically possible way to restrict visibility in the UI, and that is to use Visualforce page overrides for standard actions. A Visualforce page could use the init action to route the user to a different page based on record and user criteria. While in theory the approach would work, in practice the override would fall flat because of incompatibility with Salesforce1 and because users can create reports or list views to see the "hidden" records.

Alternative to "Designing Applications" Module in CTA Study Guide

The CTA Study Guide recommends the following three DEV-401 modules: Designing Applications, Data Management, and Enhancing the User Interface Using Visualforce. However, upon checking the training catalog I couldn't find an online module titled "Designing Applications".

Searching for "designing applications", the catalog returned two relevant courses: Building Applications with - Part 1 & Part 2. So, based on the descriptions I figured the following modules would make a more complete set to start my training:

  • Design Considerations. This module introduces the business requirements that an organization might have when setting up security and access.
  • Managing Your Users' Experience. Learn how to set up users with appropriate permissions. See how licenses and profiles dictate a user's access to an application.
  • Controlling Access to Records. Examine different ways in which users receive access to records: through ownership, organization wide defaults, roles and sharing rules.
  • Designing Data Access Security. This module provides a summary of security and access features. Through a number of business scenarios, students will have the opportunity to apply the knowledge that they have gained about determining user access.
  • Data Management. Learn the basics of data management including record IDs, external IDs, and object relationships.
  • Enhancing the User Interface Using Visualforce. Discover what Visualforce is and its features and capabilities. Learn the basics of Visualforce syntax and how Visualforce components are similar to HTML and XML. Learn how to create Visualforce pages and add them into an application.
  • Additional Uses for Visualforce. Continue to explore using Visualforce pages to change the look and feel of a page, to display Salesforce data on a website using AJAX and JavaScript in conjunction with Visualforce, and to develop Visualforce pages for mobile devices.

Personalized Schedule for My 30-Day Action Plan

Yesterday I created The CTA Review Board Candidate's 30-Day Action Plan. But when I looked ahead at my work commitments and personal events, I realized that the plan is useless without the context of my own life. So, I created a daily schedule and used some formulas and conditional formatting to give better form to my plan.

Now that I'm comfortable knowing I won't burn myself out or neglect my personal relationships, I'm ready to dig into Day 1 (at a really late hour, I know).

Monday, April 13, 2015

The CTA Review Board Candidate's 30-Day Action Plan

Having already passed's Certified Technical Architect Multiple-Choice Exam, and having then failed my first attempt at the Review Board Presentation, I'm now faced with a sobering reality: My second (and likely final) attempt at the TA certification is less than 60 days away.

Complicated by the following factors, I asked myself, "Can I really do this?"
  • I'm fully billable for 40 hrs/wk between now and then on an important project where my role is the Salesforce technical architect
  • I'm the happy father of a 7-month-old, and there's no one at home to support my wife except me, since our closest parent is about 1,000 miles away
  • I'm paying out of pocket to take an MBA class right now that I cannot afford to fail

The reality seems to be, "Do I really have a choice?" It's now or never, sink or swim. So, to help center myself and to aid any others who're about to embark on a similar journey, I'm going to lay out what I'm going to do in the next 30 calendar days, dubbing it, The CTA Review Board Candidate's 30-Day Action Plan.

A few notes on terminology used in the plan:

  • A "comprehensive scenario" includes use cases for Sales Cloud, Service Cloud, Community Cloud, Chatter, the Salesforce1 Platform, the Salesforce1 mobile app and Heroku
  • "Large data volumes" means that at least one object holds over 1 million records
  • A "technical work stream" involves making changes to Salesforce itself or to an integration job or migration effort

Luckily for me, in Spring '15 the requirement for a customer case study is no more! This change implies extra scrutiny on the Hypothetical Scenario Exam, Presentation, and Discussion, but I feel the odds for me personally just improved ever so slightly.

All right, then. Let's do this!

Wednesday, April 1, 2015

Events Created By Apex Respects DST

For my own edification, I wanted to confirm that Apex in Salesforce is capable of automatically adjusting for DST based on the user's local time zone.

The scenario: As a user in the America/New_York time zone, when I create an event using Apex for July 4, 2015 (EDT) at 9:00 AM and another event for December 25, 2015 (EST) at 9:00 AM, I expect the following:

  • Both events should appear in the UI as starting at 9:00 AM on my calendar
  • The UTC start time for the July 4 event should be 13:00
  • The UTC start time for the December 25 event should be 14:00, which accounts for the end of Daylight Savings Time

The following code confirms the expected behavior: