Monday, November 6, 2017

Declarative Sharing Vs Apex Managed Sharing

The Force.com platform provides declarative sharing options that are easy to configure and meet basic data sharing requirements.

Different declarative sharing options

  • Record Ownership
The record owner has read, edit, delete, share and transfer access.
  • Teams
Account teams, sales teams and case teams allow a group of users to have access to different account, opportunity and case records.
  • Role hierarchy
This allows users in a higher role to have the same level of access to data as the users below them in the hierarchy.
  • Sharing rules
You can create owner-based or criteria-based sharing rules that open up record access to users. Records can be shared with public groups, roles, roles and internal subordinates, roles, internal and portal subordinates, etc.

Sharing rules also allow data to be shared with external users. The default external access level must be more restrictive than or equal to the default internal access level.

For example, if the external sharing default is set to Public Read-Only for a custom object, then the valid internal default settings will be Private and Public Read Only.
  • Manual Sharing
Manual Sharing is also known as User Managed Sharing. This option allows a user to share a record manually with another user or with a public group, portal roles, portal users, roles, roles and internal subordinates, roles, internal and portal subordinates, etc.

Remember that if the record owner shares a record manually with another user and the record owner later changes, the manual sharing record will be deleted.

Apex Managed Sharing

This allows developers to share records by using Apex code. This is also known as "Programmatic Sharing". Share records can be created for standard and custom objects, but a custom sharing reason can be defined for custom objects only.

For example, if you have to share a record with a user specified in a lookup field, you can use a trigger to create a record in the share table to provide access.
Valid access levels for records are Edit and Read.

If the OWD (organization-wide default) for an object is either Public Read Only or Private, then a share table will exist for that object. You can create a record in that share table to provide access to any user. Below are the 4 fields you need to specify in order to create a record in the share table:
  • ParentId : 15-digit or 18-digit Id of the record you want to share.
  • UserOrGroupId : User Id or group Id.
  • AccessLevel : Edit or Read. This field must be set to an access level that is higher than the organization’s default access level for the parent object.
  • RowCause : The reason for sharing the record. For a custom object, first define a sharing reason. For a standard object, you can specify Manual.
You cannot update the ParentId field.

You can share a record with the same user or group more than once by using different sharing reasons.

Considerations while using Apex Managed Sharing
  • If the record owner changes, sharing created through Apex managed sharing is maintained, but if a user shared the record manually, that sharing will be lost when the owner changes.
  • Only users with the "Modify All Data" permission can add, edit or delete records in the share table.

6 comments:

  1. Really understandable article..
    Thanks for posting and sharing knowledge.

  2. Hello, I have browsed most of your posts. This post is probably where I got the most useful information for my research. Thanks for posting, maybe we can see more on this. Are you aware of any other websites on this subject? It managed services

  3. Hi There,

    Interesting piece! Great to see someone write Declarative Sharing Vs Apex Managed Sharing who is not a fanatic or a complete skeptic.

    I am trying to complete the Trailhead for Paths and Workspaces and am encountering an issue where I have to add an event via the quick action "New Event".

    This button does not exist on the page layout. I have added it to all Lead page layouts, the Lead object does not currently utilise record types and I have enabled the Lightning buttons override. Despite this, there is still no button appearing under Activity for "New Event" as the Trailhead indicates there should be.

    There are two threads on this issue that have been marked as SOLVED; however, the solutions posted there have not helped in resolving this issue for me.

    If anyone can help provide a solution that would be great. I would really like to complete this Trailhead!

    Appreciate your effort for making such useful blogs and helping the community.

    Many Thanks,
    Preethi.
