How Does Apex Class Security Work?

Hi Suyash,

Permission for an Apex class is checked only at the top level. For example, if class A calls class B, and a user profile has access only to class A but not class B, the user can still execute the code in class A. Likewise, if a Visualforce page uses a custom component with an associated controller, security is only checked for the controller associated with the page. The controller associated with the custom component executes regardless of permissions.

You can set Apex class security via:
1.The Apex class list page
2.An Apex class detail page
3.Permission sets
4.Profiles