DFA check is catching some of the classes

[mayank-1-2]

We were passing the framework classes through SFDX DFA checks and getting multiple issues.
After modifying some of the issues we are encountering Database operation must be executed from a class that enforces sharing rules. and majorly in LogManagementDataSelector.
Do we have any reason to keep it in without sharing (If we keep it in inherited sharing it will break anything?)

[jongpie]

Hi @mayank-1-2 - great question. Any time a user generates logging data, there are several data points that Nebula Logger automatically queries and stores when creating records in Log__c and LogEntry__c. This data is intentionally queried using without sharing because the LogManagementDataSelector class is typically used by the automated process system user, and this system user does not always have access to some data when using with sharing.

I have not recently tested using with sharing instead, but given that this is a logging tool, it's intended to run behind the scenes with elevated permissions so it can automatically capture extra info, so I think this is a valid time to use without sharing.

[mayank-1-2]

@jongpie And Sorry for extending the question but we require With USER_MODE for queries we are doing in the LogManagementDataSelector class as DFA is catching that also.
Or it is also intended to run in system mode?

[jongpie]

That's correct, it's also intended to run in system mode - using WITH USER_MODE would (probably) break some functionality.

[mayank-1-2]

Thanks for Reply I got my answers.