You already know how to control table access from other scopes. A similar concept can be applied to additional objects in your application.
Say you build a script include class for performing some special logic for your application, and want to secure your proprietary code. This is even more important if you are monetizing the app through the app store.
You'll obviously protect the file so no one else can read your code once it's deployed, but what about limiting the use of the script. Even though the script is encrypted you might be giving away future income potential if other vendor or customer applications are allowed to instantiate your class.
Just like table application access, we can control an "accessible from" attribute on our script include. The options are "all application scopes" and "this application scope only". Not much explanation needed here.
If a script from another scope attempts to instantiate this class it will be rejected, even from the global scope.
Evaluator: java.lang.SecurityException: Illegal access to private script include AppPrivateClass in scope x_cavu_test being called from scope global Caused by error in script at line 1 ==> 1: var cls = new x_cavu_test.AppPrivateClass();
This type of access control currently applies to the following records:
|Record Type||Default Access|
|AJAX Script||All Scopes|
|Workflow Actitity Definition||All Scopes|
|Business Rule||This Scope|
|REST Message||This Scope|
|Script Include||This Scope|
|SOAP Message||This Scope|
These defaults should be carefully reviewed on an application and record basis to ensure you have appropriate controls that provide the required functionality and access.