Various tools, laid out in a row

For the first time we’re presenting a vlog from the Desynit Development Team! This is a short video explaining how, if you are using @AuraEnabled Apex with your Lightning Components, you may have a serious permissions problem brewing due to two recent Critical Updates. I also look at how to use features of VSCode and the command line to investigate and edit sections of your metadata.

Please let us know what you think about this new format! I’ve added some notes below if you want to follow up on the content shown in the video.

Critical Updates

Restrict Access to @AuraEnabled Apex Methods for Guest and Portal Users Based on User Profile (Critical Update)

Restrict Access to @AuraEnabled Apex Methods for Authenticated Users Based on User Profile (Critical Update)


This is the Bash command I use to generate a text file of the names of all Apex classes with @AuraEnabled methods:

grep -lir '@AuraEnabled' > matches.txt

The command line arguments stand for:

  • -r recursive
  • -i ignore case
  • -l filename only

If you’re a Windows user and need to set up Bash inside VS Code, there are instructions here.

VS Code

Use the following search and replace settings in VS Code to generate the XML for sharing Apex classes in a Permission Set (make sure the Regular Expression option is engaged):



Lightning Web Components

Here is the code for the LWC that throws an error if the current User does not have access to it’s Apex Controller (and the relevant Critical Update is engaged):

    <lightning-card title="Hello World 2">
        <template if:true={helloMessage}>
            <div class="slds-m-around_medium">

import { LightningElement, track } from 'lwc';
import getMessage from '@salesforce/apex/HelloWorldController.getMessage';

export default class HelloWorld2 extends LightningElement {

    @track helloMessage;

    connectedCallback() {

        .then(result => {
            this.helloMessage = result;
        .catch(error => {
            console.log("Error", error);



<?xml version="1.0" encoding="UTF-8"?>
<LightningComponentBundle xmlns="">
    <masterLabel>Hello World 2</masterLabel>

public with sharing class HelloWorldController {

    public static String getMessage() {
        return 'Hello World!';


Dorian Sutton June 10, 2020

4 thoughts on “Fix Permissions for @AuraEnabled Apex

Leave a Reply

Your email address will not be published. Required fields are marked *