What is Apex Sharing? How to share a records via apex?
Sharing rules, let us make automatic exceptions to organization-wide defaults for particular groups of users.Sharing rules can never be stricter than our org-wide default settings.We can extend the organization wide default setting with sharing rules.
Example – If any object is private with org-wide default then we can extend the access to public read only or public read write with sharing rule.
Salesforce provide a way by which we can create sharing rule by only point and click from the salesforce standard. You can set any criteria and give access to the object’s record . Example – Suppose u need to create a sharing rule for lead object when the lead field “Is_public” become true then you can easily add this criteria and give public access to the particular User or group etc.
But some cases are there where we can’t use the standard sharing rule functionality that’s why we need to create sharing rules with apex.
Let’s take a case example – I have a field “Reports to” in case object and this field is lookup to User object and we need to give public access to that user for their particular record. Suppose when a case is created and we select some user in the “Reports to” field then we want to give public access to this selected user for that record.So it is not possible with standard sharing rules. We need to create sharing rule for case object via apex.
Here I am sharing the code for how to create sharing rule for any object via Apex,each object has their own sharing object for case it is “CaseShare ” .We need to write down a trigger on case :
Example:
trigger ShareWithReportingMng on Case (after insert) {
List<CaseShare> csShareList = new List<CaseShare>();
for( Case cs : trigger.new ) {
if( cs.Reports_to__c != NULL ) {
// Create a new caseShare object for each case where reports_to__c field is not NULL.
CaseShare csShare = new CaseShare();
// Give Read write access to that user for this particular case record.
csShare.CaseAccessLevel = 'edit';
// Assign case Id of case record.
csShare.CaseId = cs.id;
// Assign user id to grant read write access to this particular case record.
csShare.UserOrGroupId = cs.Reports_to__c;
csShareList.add( csShare );
}
}
if( csShareList != null && csShareList.size() != 0 ) {
try {
insert csShareList;
}catch( Exception e ) {
trigger.new[0].Reports_to__c.addError('Error::::::'+e.getMessage());
}
}
}
List<CaseShare> csShareList = new List<CaseShare>();
for( Case cs : trigger.new ) {
if( cs.Reports_to__c != NULL ) {
// Create a new caseShare object for each case where reports_to__c field is not NULL.
CaseShare csShare = new CaseShare();
// Give Read write access to that user for this particular case record.
csShare.CaseAccessLevel = 'edit';
// Assign case Id of case record.
csShare.CaseId = cs.id;
// Assign user id to grant read write access to this particular case record.
csShare.UserOrGroupId = cs.Reports_to__c;
csShareList.add( csShare );
}
}
if( csShareList != null && csShareList.size() != 0 ) {
try {
insert csShareList;
}catch( Exception e ) {
trigger.new[0].Reports_to__c.addError('Error::::::'+e.getMessage());
}
}
}
So now you can create sharing rules from apex as above and delete that sharing when needed with apex(delete event).
Considerations and Limits of Sharing Rules
- Sharing Rules cannot be stricter than Organization Wide Defaults. If access needs to be restricted, another type of security should be used. Sharing rules are typically used to extend access to records.
- Manual Sharing is only available on individual records, it is not available for all records of a certain object.
- Sharing Rules are only applicable on records that have Private or Public Read Only access.
- With Sharing Rules you have the option to give read only or read/write access to records. We recommend being very conscious of what level of security users really need (i.e. is the access for informational purposes only or full collaboration).
- When setting Automatic and Manual Sharing users and admins have the ability to define if the security should be extended to related records. Make sure that extending the security makes sense before making the final decision to give this access.
No comments:
Post a Comment