I'm writing a managed package, and I'm using a number of fields that are controlled by the system and written to from apex.
Of course, I can restrict access to the fields via a profile, but I don't know how this works with System Administrators in the client's org.
My question is:
If I mark a field in my Managed Package as readonly to a system administrator profile, and subsequently deploy that profile when installing the package in a Client's org:
Will the system administrator be able to write to that field?
Additionally: Will the client org be able to write their own apex to write to that field?
How do you guys deal with this?
thanks -JN
Best Answer
I'm seeing two issues (one in your question and one raised by @sfdcfox):
For the custom roll-up field, you can combat this by putting a trigger on the CHILD (rolled-up) object and one on the PARENT (holding the field) object. You would definitely need to worry about recursion, so plan on having a class with a static boolean to avoid that, but it can be done. Then, any time someone edits that field, it just resets to its proper value.
For the issue sfdcfox raised, that's a use-case for custom settings. I like to make a List setting with the following fields: ValueBoolean__c, ValueText__c, etc. Then just store whatever you want in a key-value fashion.