System Mode and User Mode in Salesforce

System Mode:

  • System mode is nothing but running apex code by ignoring user’s permissions. For example, if logged in user does not have create permission but they will able to create a record.
  • In system mode, Apex code has access to all objects and fields permissions, field-level security, sharing rules aren’t applied for the current user. This is to ensure that code won’t fail to run because of hidden fields or objects for a user.
  • In Salesforce, all apex code run in system mode. It ignores user’s permissions. Only exception is anonymous blocks like developer console and standard controllers. Even runAs() method doesn’t enforce user permissions or field-level permissions, it only enforces record sharing.

User Mode:

  • User mode is nothing but running apex code by respecting user’s permissions and sharing of records. For example, if logged in user does not have create permission they are not able to create a record.
  • In User mode, Profile level permissions, field-level security, and sharing rules are applied for the current user.
  • In Salesforce, only standard controllers and anonymous blocks like developer console run in user mode.

Mode of execution:

  • Trigger – System
  • Validation Rule – System
  • Auto Response Rule – System
  • Assignment Rule – System
  • Workflow Rule – System
  • Escalation Rule – System
  • All Types of calculation behind formula, Rollup Summary – System
  • Process Builder – System
  • Visual Workflow or flow – User
    • if flow is called from Process Builder – System
    • if flow is called from Workflow – System
    • if flow is called from Apex – (depends on with or without sharing of apex class)
    • if flow is called from Custom Button – System
    • if flow is embed in Visualforce – Depends on VFP context
    • if flow is called from REST API – System
  • Approval Process – System
  • Publisher Action – System
  • InvocableMethod
    • if this is called from flow – User
    • if this is called from Process Builder (does it depends on with or without sharing is specified on that Class) – System
    • if this is called from REST API – (depends on with or without sharing of the class)
  • Custom Button – System
  • Test method with System.runAs() – User
  • Test method without System.runAs() – System
  • Visualforce Page (StandardController) – User
  • Visualforce Page (StandardController with extension) – System
  • Visualforce Page (Custom Controller)
    • depends on with or without sharing of the controller
  • Visualforce Component – depends on Visualforce page where it is used
  • Macros – System
  • Annonymous Apex – User
  • Chatter in Apex – User
  • Email Service – User
  • All types of Jobs – System
  • Apex Webservices (SOAP API and REST API) – System (Consequently, the current user’s credentials are not used, and any user who has access to these methods can use their full power, regardless of permissions, field-level security, or sharing rules.)