A Glimpse of Spring'20 - Customization, Development & Security

Spring'20 Jan 6, 2020

In this post, I will continue highlighting some important features from Customization & Development area.

Customization

Flow Builder: Update New and Changed Records 10 Times Faster by Using Before-Save Updates in Flows

Creating or updating a record can now trigger an autolaunched flow to make additional updates to that record before it's saved to the database. Before-save updates in flows are much faster than other available record-triggered updates. For example, a before-save update in a flow is 10 times faster than an update in a record-change process that’s built in Process Builder. Replace your record-change processes with flows to minimize how often the spinner appears when users save records.

This can be easily compared with before update trigger event which updates the current running record & commiting all the changes once in the end in the database.

To use this, Create an autolaunched flow and open the Start element. For What Launches the Flow, select New or updated records — flow makes fast field updates.

With this kind of flow, the Flow Builder toolbox offers only four elements: Assignment, Decision, Get Records, and Loop.

Flow Builder: Configure Action and Create Records Elements Without Creating Variables

When you add an action or Create Records element to a flow, we automatically store the output values. You no longer have to create and assign variables, but you can still opt to do so. Action and Create Records elements that were created before Spring ’20 aren’t affected by this change.

Flow Builder: Build Invocable Actions That Work for Multiple Objects

works for multiple objects, rather than one for each individual object. Developers can build a filter or sort action that works with any collection of records, from accounts and contacts to custom objects. Previously, developers couldn't use polymorphic Apex structures in invocable actions because generic data types weren't supported.

Use the sObject or List data type in invocable methods and attributes.

public with sharing class GetFirstFromCollection {  

    @InvocableMethod
    public static List <Results> execute (List<Requests> requestList) {

        List<SObject> inputCollection = requestList[0].inputCollection;

        SObject outputMember = inputCollection[0];

        //Create a Results object to hold the return values
        Results response = new Results();

        //Add the return values to the Results object
        response.outputMember = outputMember;

        //Wrap the Results object in a List container 
        //(an extra step added to allow this interface to also support bulkification)
        List<Results> responseWrapper= new List<Results>();
        responseWrapper.add(response);
        return responseWrapper;    
    }

    public class Requests {

      @InvocableVariable(required=true)
      public List<SObject> inputCollection;
    }    

    public class Results {     

      @InvocableVariable
      public SObject outputMember;
    }
}

PS: Previously, the example class would have been tied to the Account or Contact or myCustomObject__c object. But now developers create one action, and the Flow Builder admin chooses the object each time they use that action. @InvocableVariable is the attribute which makes it this input variable available on flow builder

Flow Builder: Run Flows Without Worrying About User Permissions with System Mode

Normally, how a flow is launched determines whether the flow runs in the context of the user or the system. Now you can bypass the running user’s permissions by setting your flow to run in system context with sharing. The flow still respects org-wide default settings, role hierarchies, sharing rules, manual sharing, teams, and territories, but it ignores object permissions, field-level access, or other permissions of the running user.

Flow Builder: Make It Easy for Admins to Find Your Actions by Categorizing Them

Developers can help admins find custom invocable actions more easily by creating categories for them. After you add a category parameter to an action, your admins see the new category and its associated actions when building flows in Flow Builder.

public class SlackAction {
   @invocableMethod(
       label='Post to Slack Channel'
       description='Enter the name of the Slack channel you wish to post to.'
       category='Slack')
   public static void postToSlackChannel(List<String> channelName){
           // logic
   }
} 

Use Advanced Currency Management in Lightning Experience

You can manage dated exchange rates within opportunities without switching to Salesforce Classic. Advanced currency management is now available in Lightning Experience.

Group Permission Sets Based on User Job Function for Easier Assignment (Generally Available)

Now you can assign users a single permission set group instead of multiple permission sets. Permission set groups combine selected permission sets to provide all the permissions that users need for their job. Similarly, remove individual permissions from a group with the permission muting feature to ensure that users do not get permissions that are not relevant to their job functions. A new user interface helps you create and manage permission set groups.

Require Permission to View Record Names in Lookup Fields (Critical Update)

To better protect your Salesforce org’s data, we restrict who can view record names in lookup fields. Beginning in Summer ’20, users must have read access to these records or the View All Lookup Record Names permission to view this data. This critical update also applies to system fields, such as Created By and Last Modified By.

Secure Your Sandbox Data with Salesforce Data Mask

Salesforce Data Mask is a powerful new data security resource for Salesforce admins and developers. Instead of manually securing data and access for sandbox orgs, admins can use Data Mask to automatically mask the data in a sandbox.

Data Mask is a managed package that you install in a production org. You then run the masking process from any sandbox created from the production org.

Data Mask uses platform-native obfuscation technology to mask sensitive data in any full or partial sandboxes. The masking process lets you mask some or all sensitive data with different levels of masking, depending on the sensitivity of the data. Once the data is masked, you can’t unmask it. This irreversible process ensures that the data is not replicated in a readable or recognizable way into another environment.


Development

LWC: The @track Decorator Is No Longer Required for Lightning Web Components

No more guessing about whether to use @track to make a field reactive. All fields in a Lightning web component class are reactive. If a field’s value changes, and the field is used in a template or in a getter of a property that’s used in a template, the component rerenders and displays the new value.

LWC: Style Lightning Web Components with Custom Aura Design Tokens

A Lightning web component’s CSS file can use a custom Aura token created in your org or installed from an unmanaged package. Tokens make it easy to ensure that your design is consistent, and even easier to update it as your design evolves.

Aura Token:

<aura:tokens>
    <aura:token name="myBackgroundColor" value="#f4f6f9"/>
</aura:tokens>

Usage in LWC:

// myLightningWebComponent.css
color: var(--c-myBackgroundColor);

Lightning Base Components: Open Source

Base components for the Lightning Web Components framework are now open source. Explore the source code and customize base components for your own apps.

You can use the base components source code to build custom components that meet your own requirements. The Base Components Recipes GitHub repository provides you read access to a subset of the components shown in the Component Library. Components that are currently not available in open source contain internal dependencies and cannot be open sourced at this time. However, it is our long term goal to open source all base components.

Aura Components in the ui Namespace Are Deprecated

Salesforce plan to end support for the deprecated components on May 1, 2021.

Communicate Across Salesforce UI Technologies with Lightning Message Service (Beta)

Use the Lightning Message Service API to communicate across the DOM, between Aura components, Visualforce pages, and Lightning web components. Lightning Message Service also enables communication between a component in a main Lightning page with one in a pop-out utility bar. If you’re switching from Salesforce Classic to Lightning Experience, you can now build Lightning web components that can communicate with existing Visualforce pages or Aura components.
A Lightning web component uses a Lightning Message Channel to access the Lightning Message Service API. Reference Lightning Message Channel with the scoped module @salesforce/messageChannel. In Visualforce, use the global variable $MessageChannel. In Aura, use lightning:messageChannel in your component.

To see more about messageChannel and its usage, please visit this link

Use with sharing for @AuraEnabled Apex Controllers with Implicit Sharing (Critical Update, Enforced)

This critical update changes the behavior of @AuraEnabled Apex controllers that don’t specify with sharing or without sharing to default to with sharing. This critical update applies only to orgs created after Spring ’18 or orgs that activated the retired “Use without sharing for @AuraEnabled Apex Controllers with Implicit Sharing” critical update that had the opposite effect and set the default to without sharing.

Restrict Access to @AuraEnabled Apex Methods for Guest and Portal Users Based on User Profile (Critical Update, Enforced)

This critical update gives you more control over which guest, portal, or community users can access Apex classes containing @AuraEnabled methods. Add guest user profile access to any @AuraEnabled Apex class used by a community or portal. When this critical update is activated, a guest, portal, or community user can access an @AuraEnabled Apex method only when the user’s profile allows access to the Apex class.

Restrict Access to @AuraEnabled Apex Methods for Authenticated Users Based on User Profile (Previously Released Critical Update)

This critical update gives you more control over which authenticated users can access Apex classes containing @AuraEnabled methods. When this critical update is activated, an authenticated user can access an @AuraEnabled Apex method only when the user’s profile allows access to the Apex class.

Enable Field- and Object-Level Permissions Checking Using WITH SECURITY_ENFORCED in SOQL Queries (Generally Available)

SOQL queries using WITH SECURITY_ENFORCED is now generally available. Use the WITH SECURITY_ENFORCED clause to enable field and object level security permissions checking for SOQL SELECT queries in Apex code, including subqueries and cross-object relationships. The WITH SECURITY_ENFORCED clause is available only in Apex.

Enforce Field- and Object-Level Security in Apex (Generally Available)

The Security.stripInaccessible method for field- and object-level data protection is now generally available. Use the stripInaccessible method to strip fields that the current user can’t access from query and subquery results. Use the method to remove inaccessible fields from sObjects before a DML operation to avoid exceptions. Also, use the stripInaccessible method to sanitize sObjects that have been deserialized from an untrusted source.

Use More API Calls

The default daily API request allocation has been raised from 15,000 to 100,000. This change applies to the Developer Edition, Enterprise Edition, Professional Edition with API access enabled, Unlimited Edition, and Performance Edition.

No Maximum Daily Cap for API Calls

The maximum daily cap of 1,000,000 API requests has been removed. This change applies to the Enterprise Edition and to the Professional Edition with API access enabled.

Clone a Sandbox with a Version Different from Production

You can now clone a sandbox that’s on a different major Salesforce release version than your production org. Previously, a sandbox that was on a different version from the production org due to a release transition couldn’t be cloned, and the clone link in the UI was disabled. Now you can clone preview sandboxes for development, testing, and training.

Skip Validation to Quickly Iterate Package Development

Iterate package development more efficiently by skipping validation of dependencies, package ancestors, and metadata during package version creation. You can use the skip validation parameter with second-generation managed packages and unlocked packages. Skipping validation reduces the time it takes to create a new package version, but package versions created without validation can’t be promoted to the released state.

In Salesforce CLI run: sfdx force:package:version:create --skipvalidation. In Tooling API, use the SkipValidation field on the Package2VersionCreate object.

Create and Install Package Versions Faster

The wait time is now much less when you create a new package version immediately after creating a new package. Also, the time between when a package version is created and when it's available to install is also much less. After promoting a package version to released, you can now install it in a production org without delay. In most scenarios, you don’t need the publishwait CLI parameter.

View More Packaging Details in List and Report Salesforce CLI Commands

Salesforce expanded the package:version:list and package:version:report commands to show information on code coverage, package ancestor, and whether validation was skipped.


Security

Let Users Log In to Salesforce with Their Apple ID

Using the new Apple authentication provider, your customers can log in to a Salesforce org or community with their Apple ID.

To let users log in with their Apple ID, create an Apple authentication provider from the Salesforce Auth. Providers Setup page. After configuring the authentication provider and adding the Apple sign-in button to your Salesforce and Communities login pages, users can log in with their Apple credentials.

Prevent Identity Verification by Email

All new Salesforce orgs are now set up so that identity verification by email occurs only if the user has no other identity verification methods registered. Possible identity verification methods include Salesforce Authenticator, SMS, time-based one-time password (TOTP), physical key (U2F), and email. The new setting, Prevent identity verification by email when other methods are registered, appears on Identity Verification and Session Settings Setup pages. To increase security in your existing orgs, Salesforce recommends that you enable this setting.

From Setup, in the Quick Find box, enter Identity Verification, and then select Prevent identity verification by email when other methods are registered.

Limit API Access for External Users

To enhance security, you can restrict community and portal (external) user access to Salesforce APIs through connected apps that are installed in your org. Previously, you weren’t able to restrict only external user access to Salesforce APIs.

The OAuth Approval Page Timeout Has Increased

You now have two hours to approve access to connected apps on the OAuth Approval page. Previously, the page timed out after 15 minutes.

Related Tags:

Spring'20   Release   Salesforce