Fix Permissions for @AuraEnabled Apex

Various tools, laid out in a row

For the first time we’re presenting a vlog from the Desynit Development Team! This is a short video explaining how, if you are using @AuraEnabled Apex with your Lightning Components, you may have a serious permissions problem brewing due to two recent Critical Updates. I also look at how to use features of VSCode and the command line to investigate and edit sections of your metadata.

Please let us know what you think about this new format! I’ve added some notes below if you want to follow up on the content shown in the video.

Critical Updates

Restrict Access to @AuraEnabled Apex Methods for Guest and Portal Users Based on User Profile (Critical Update)

Restrict Access to @AuraEnabled Apex Methods for Authenticated Users Based on User Profile (Critical Update)


This is the Bash command I use to generate a text file of the names of all Apex classes with @AuraEnabled methods:

[prism field=Code1]

The command line arguments stand for:

  • -r recursive
  • -i ignore case
  • -l filename only

If you’re a Windows user and need to set up Bash inside VS Code, there are instructions here.

VS Code

Use the following search and replace settings in VS Code to generate the XML for sharing Apex classes in a Permission Set (make sure the Regular Expression option is engaged):

[prism field=Code2]
[prism field=Code3]

Lightning Web Components

Here is the code for the LWC that throws an error if the current User does not have access to it’s Apex Controller (and the relevant Critical Update is engaged):

[prism field=Code4]
[prism field=Code5]
[prism field=Code6]
[prism field=Code7]

Various tools, laid out in a row
By Dorian Sutton
10 June 2020
Application DevelopmentSalesforce DevelopmentThe Dev ZoneThe Good Systems Blog

Share this post

Catt to action

Amet aliquam id diam maecenas ultricies mi eget mauris

Lorem ipsum dolor sit amet, consectetur elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.