Saturday, November 10, 2018

With sharing and Without sharing in Salesforce

Today we will try to cover the topic "With sharing and Without sharing in Salesforce".

With sharing:

We put the keyword "with sharing" before the class declaration so that the class takes the sharing rules for the user into account. By default, an Apex class runs in system mode, so that the code does not fail because of permissions.

Syntax:

[Image: With sharing and Without sharing in Salesforce]

Without sharing:

The sharing rules for the user are not taken into account.

Syntax:

[Image: with sharing and without sharing class in Salesforce]

POINTS TO NOTE:
  1. If we do not declare a class with "with sharing" or "without sharing", the class does not take the sharing rules into account. However, if this class is called from another class that is declared "with sharing", it does take the sharing rules into account.
  2. If a "with sharing" class calls a method of another class declared "without sharing", then the method inside the "without sharing" class executes without sharing rules.
  3. If a "without sharing" class calls a method of another class declared "with sharing", then the method inside the "with sharing" class executes with sharing rules.
  4. An inner class does not have the sharing settings of its parent (container) class.
  5. A class has the sharing settings of its parent class when it implements or extends that parent class.
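
The five points above, shown as Apex classes. This is an added example, not code from the original post; all class and method names (OpportunityReader, UserScopedService, SystemScopedService, BaseSelector, OpportunitySelector) are hypothetical.

```apex
// Each top-level class below is saved as its own Apex class file.

// No keyword: the sharing mode comes from the calling class (point 1).
public class OpportunityReader {
    public static List<Opportunity> fetchAll() {
        return [SELECT Id, Name FROM Opportunity];
    }
}

public with sharing class UserScopedService {
    // OpportunityReader has no keyword, so the query inside it is filtered
    // by the running user's record access when it is called from here.
    public static List<Opportunity> visibleToUser() {
        return OpportunityReader.fetchAll();
    }

    // Point 2: the callee declares "without sharing", so its query is
    // not filtered even though this class is "with sharing".
    public static List<Opportunity> allRows() {
        return SystemScopedService.fetchAll();
    }

    // Point 4: the container's keyword does not carry over to an inner
    // class, so the inner class declares its own.
    public with sharing class Selector {
        public Integer countVisible() {
            return [SELECT COUNT() FROM Opportunity];
        }
    }
}

public without sharing class SystemScopedService {
    public static List<Opportunity> fetchAll() {
        return [SELECT Id, Name FROM Opportunity];
    }

    // Point 3: the callee declares "with sharing", so this result is
    // filtered even though this class is "without sharing".
    public static List<Opportunity> visibleToUser() {
        return UserScopedService.visibleToUser();
    }
}

// Point 5: a class that extends a "with sharing" parent takes its setting.
public virtual with sharing class BaseSelector {}
public class OpportunitySelector extends BaseSelector {
    public List<Opportunity> selectAll() {
        return [SELECT Id, Name FROM Opportunity];
    }
}
```
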

Now, let us go through the scenarios below for a better understanding.

1) Let's say a user does not have permission on a child object but has permission on the parent object to read, create, edit, and delete the parent record. If I create a trigger on the parent object to insert a child record after the parent record is created from an Apex class (which does not have any keywords declared, like "with sharing" or "without sharing," nor does it have WITH SECURITY_ENFORCED), will a child record be created after the user inserts the parent record manually?

Yes, a child record will be created. By default, triggers and Apex classes run in system mode, which means they bypass the user's permissions and can insert the child record even if the user does not have access to the child object.

2) If, in the above scenario, from the trigger, I am calling an Apex class that is in "with sharing" mode and inserting a child record after the parent is manually inserted by the user, will a child record be created?

Yes, a child record will be created. The with sharing keyword only enforces the sharing rules for the user, but it does not affect object permissions. Since the trigger runs in system mode and bypasses the user's permissions, it will still create the child record. The with sharing keyword primarily governs the visibility of records based on sharing rules, not user permissions for specific objects.

3) Let’s say an Apex class, which is not declared with any keywords such as "with sharing" or "without sharing," is fetching Opportunity records. The user under whose context this Apex class is invoked does not own any Opportunity records, nor are any Opportunity records shared with them. In this case, will the class be able to fetch Opportunity records?

Yes, the class will be able to fetch Opportunity records. Since the Apex class runs in system mode by default (when neither the with sharing nor without sharing keywords are specified), it bypasses the user's record-level access and CRUD permissions. As a result, the class can retrieve all Opportunity records, regardless of the user's permissions or whether the records are shared with them.

4) Let’s say an Apex class, which is declared with the "with sharing" keyword, is fetching Opportunity records. The user, under whose context this Apex class is invoked, does not own any Opportunity records, nor are any Opportunity records shared with them. In this case, will the class be able to fetch Opportunity records?

No, the class will not be able to fetch Opportunity records. The with sharing keyword enforces sharing rules, meaning that only records the user has access to (based on sharing rules, ownership, or explicit sharing) will be retrieved. Since the user does not own any Opportunity records, nor are any records shared with them, the class will not be able to access those records.
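
Scenarios 1 and 2 turn on the difference between record sharing and object permissions. The added example below (not code from the original post) shows the trigger-called "with sharing" class from scenario 2 next to a variant that checks the user's Create permission before inserting; Parent__c, Child__c, the lookup field Parent__c on the child, ChildRecordCreator and ParentTrigger are hypothetical names.

```apex
// Saved as its own class file. "with sharing" filters record visibility
// only; it does not check the user's object permissions.
public with sharing class ChildRecordCreator {

    // Scenario 2 as described: the insert succeeds even when the running
    // user has no Create permission on Child__c.
    public static void createFor(List<Parent__c> parents) {
        List<Child__c> children = new List<Child__c>();
        for (Parent__c p : parents) {
            children.add(new Child__c(Parent__c = p.Id));
        }
        insert children;
    }

    // Variant that honours object permissions: check Create access on the
    // child object explicitly before running the DML.
    public static void createForIfPermitted(List<Parent__c> parents) {
        if (!Schema.sObjectType.Child__c.isCreateable()) {
            return; // the running user may not create Child__c records
        }
        createFor(parents);
    }

    // For queries, WITH SECURITY_ENFORCED makes the SOQL statement throw a
    // System.QueryException when the user lacks read access to the object
    // or to a selected field.
    public static List<Opportunity> readableOpportunities() {
        return [SELECT Id, Name FROM Opportunity WITH SECURITY_ENFORCED];
    }
}

// Saved as its own trigger file. The trigger runs in system mode.
trigger ParentTrigger on Parent__c (after insert) {
    ChildRecordCreator.createFor(Trigger.new);
}
```

Replacing the call in the trigger with createForIfPermitted makes the outcome depend on the user's permission on the child object, which the sharing keyword alone never does.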

9 comments:

  1. awesome Cleared all my doubts

  2. This is the best explanation I could find, thanks!

  3. very useful, the examples help a lot, thanks

  4. Can someone please explain the answer to the 2nd question, and also for 3 and 4?

  5. Can you please elaborate on the difference between no keyword and without sharing?

  6. Please add this scenario as well: let's say I am calling an Apex class which is in "with sharing" mode and where I am UPDATING a child record after the parent is inserted manually by the user, so will it create a child record if the user does not have access to the child record?

    >>It will not update, as the user does not have access to the child record.

  7. I think question 1 lacks some details to come to the conclusion that it will create the child record. Nowhere was it stated whether the Apex/trigger had the clause "with or without sharing" or no statement about sharing. We cannot know what context the classes are running in. The second is not clear either. The sharing rules are not laid out in the scenario. So, if we base it on the permissions of the user, you state that the user does not have permission to create the child record. Why would they be able to create the child record if it is based on the user's permission?
