Enforce Field- and Object-Level Security with Security.StripInaccessible

Security.stripInaccessible lets developers remove from records all fields that the running user does not have access to. This makes it easier to degrade application behavior gracefully on a security violation, by omitting fields rather than failing.

Use the stripInaccessible method to strip fields that the current user can’t access from query and subquery results. Use the method to remove inaccessible fields from sObjects before a DML operation to avoid exceptions. Also, use the stripInaccessible method to sanitize sObjects that have been deserialized from an untrusted source.

The stripInaccessible method checks the source records for fields that don’t meet the field- and object-level security check for the current user and creates a return list of sObjects. The return list is identical to the source records, except that fields inaccessible to the current user are removed.

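The following example removes from the query result the fields that the current user does not have update access to.

// Strip fields the running user cannot update. The sanitized copies are
// returned by securityDecision.getRecords(); the query result itself is unchanged.
SObjectAccessDecision securityDecision = Security.stripInaccessible(
	AccessType.UPDATABLE,
	[SELECT Name, BudgetedCost, ActualCost FROM Campaign]
);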

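The following example performs a query and then removes inaccessible fields from the query result.

// Query first, then strip the fields the running user cannot read.
List<Contact> records = [
	SELECT 
		Id, Name, Phone, HomePhone 
	FROM 
		Contact
];
// Read the sanitized copies from securityDecision.getRecords(), not from records.
SObjectAccessDecision securityDecision = Security.stripInaccessible(
	AccessType.READABLE, 
	records
);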
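
The two examples above cover query results. The example below is added here and is not from the original post or from Salesforce's documentation: it shows the other two uses mentioned earlier, sanitizing sObjects deserialized from an untrusted source and stripping fields before DML. The class name ContactImportService, the method name importContacts and the sample JSON are constructed for illustration.

```apex
// Added example. ContactImportService and importContacts are hypothetical names.
public with sharing class ContactImportService {

    // Inserts Contacts parsed from caller-supplied JSON, keeping only the
    // fields the running user is allowed to set on create.
    public static List<Contact> importContacts(String untrustedJson) {
        // deserializeStrict throws on JSON attributes that are not Contact
        // fields, so unexpected keys fail early instead of being ignored.
        List<Contact> parsed = (List<Contact>) JSON.deserializeStrict(
            untrustedJson, List<Contact>.class
        );

        // CREATABLE checks create access field by field. Object-level access
        // is checked as well: if the user cannot create Contacts at all, the
        // call throws NoAccessException, which is left to propagate here.
        SObjectAccessDecision decision = Security.stripInaccessible(
            AccessType.CREATABLE, parsed
        );

        // Log what was dropped so the graceful degradation stays visible.
        // Keys are object names, values are the removed field names.
        Map<String, Set<String>> removed = decision.getRemovedFields();
        if (!removed.isEmpty()) {
            System.debug(LoggingLevel.WARN,
                'Stripped fields: ' + removed +
                ' on record indexes: ' + decision.getModifiedIndexes());
        }

        // Run DML on the sanitized copies, never on the source list:
        // stripInaccessible does not modify the records passed in.
        List<Contact> safeRecords = (List<Contact>) decision.getRecords();
        insert safeRecords;
        return safeRecords;
    }
}

// Constructed sample call (Anonymous Apex):
// ContactImportService.importContacts(
//     '[{"LastName":"Example","Phone":"555-0100","HomePhone":"555-0101"}]'
// );
```

If the running user lacks create access to HomePhone, the Contact is still inserted without that field, and the debug log records that HomePhone was stripped.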

For more information, check https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_classes_with_security_stripInaccessible.htm