Monday, November 6, 2017

Declarative Sharing Vs Apex Managed Sharing

The Force.com platform provides declarative sharing options that are easy to configure and meet basic data sharing requirements.

Different declarative sharing options

  • Record Ownership
The record owner has read, edit, delete, share and transfer access.
  • Teams
Account teams, sales teams and case teams allow a group of users to have access to different account, opportunity and case records.
  • Role hierarchy
This allows users in a higher role to have the same level of access to data as the users below them in the hierarchy.
  • Sharing rules
You can create owner-based or criteria-based sharing rules that open up record access to users. Records can be shared with public groups, roles, roles and internal subordinates, roles, internal and portal subordinates, etc.

Sharing rules also allow data to be shared with external users. The default external access level must be more restrictive than or equal to the default internal access level.

For example, if the external sharing default is set to Public Read-Only for a custom object, then the valid internal default settings will be Private and Public Read Only.
  • Manual Sharing
Manual Sharing is also known as User Managed Sharing. This option allows a user to share a record manually with another user, public group, portal roles, portal users, roles, roles and internal subordinates, roles, internal and portal subordinates, etc.

Remember that if the record owner shares a record manually with another user and the record owner later changes, the manual sharing record is deleted.

Apex Managed Sharing

This allows developers to share records by using Apex code. It is also known as "Programmatic Sharing". Share records can be created for standard and custom objects, but custom sharing reasons can be defined for custom objects only.

For example, if you have to share a record with the user specified in a lookup field, you can use a trigger to create a record in the share table to provide access.
The valid access levels for share records are Edit and Read.

If the organization-wide default (OWD) for an object is either Public Read Only or Private, a share table exists for that object. You can create a record in that share table to provide access to any user. These are the 4 fields you need to specify in order to create a record in the share table:
  • ParentId : 15 digit or 18 digit Id of the record you want to share.
  • UserOrGroupId : User Id or group Id.
  • AccessLevel : Edit or Read. This field must be set to an access level that is higher than the organization’s default access level for the parent object.
  • RowCause : The reason for sharing the record. For a custom object, first define a sharing reason. For a standard object, you can specify Manual.

You cannot update the ParentId field.

You can share a record with the same user or group more than once by using different sharing reasons.

Considerations while using Apex Managed Sharing
  • If the record owner changes, sharing created through Apex managed sharing (if the row cause is not Manual and uses a custom sharing reason) is maintained, but if a user shares the record manually, that sharing is lost when the owner changes.
  • Only users with the "Modify All Data" permission can add, edit or delete records in the share table.
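
The lookup-field case described above, as an added example that is not from the original post: a trigger that grants Read access to the user in a lookup and revokes it when the lookup changes. The custom object Project__c, its User lookup Reviewer__c and the Apex sharing reason Reviewer_Access are hypothetical names assumed for illustration.

```apex
// Added example. Assumed: custom object Project__c (OWD Private), a User
// lookup Reviewer__c, and an Apex sharing reason named Reviewer_Access.
trigger ProjectReviewerShare on Project__c (after insert, after update) {
    List<Project__Share> toInsert = new List<Project__Share>();
    Set<Id> staleParents = new Set<Id>();

    for (Project__c p : Trigger.new) {
        Project__c old = Trigger.isUpdate ? Trigger.oldMap.get(p.Id) : null;
        if (old != null && old.Reviewer__c == p.Reviewer__c) {
            continue; // lookup unchanged, nothing to grant or revoke
        }
        if (old != null && old.Reviewer__c != null) {
            staleParents.add(p.Id); // previous reviewer must lose access
        }
        if (p.Reviewer__c != null) {
            toInsert.add(new Project__Share(
                ParentId = p.Id,
                UserOrGroupId = p.Reviewer__c,
                AccessLevel = 'Read',
                // Custom reason, not Manual: survives an owner change.
                RowCause = Schema.Project__Share.RowCause.Reviewer_Access__c));
        }
    }

    // Revoke first, touching only rows created under this sharing reason.
    if (!staleParents.isEmpty()) {
        delete [SELECT Id FROM Project__Share
                WHERE ParentId IN :staleParents
                AND RowCause = :Schema.Project__Share.RowCause.Reviewer_Access__c];
    }

    // Partial-success insert so one rejected row does not block the rest.
    Database.SaveResult[] results = Database.insert(toInsert, false);
    for (Integer i = 0; i < results.size(); i++) {
        if (results[i].isSuccess()) continue;
        Database.Error err = results[i].getErrors()[0];
        // A share granting no more than the user already has (for example
        // the reviewer is the owner) is rejected with this status; ignore it.
        Boolean trivial =
            err.getStatusCode() == StatusCode.FIELD_FILTER_VALIDATION_EXCEPTION
            && err.getMessage().contains('AccessLevel');
        if (!trivial) {
            Trigger.newMap.get(toInsert[i].ParentId).addError(
                'Could not share record: ' + err.getMessage());
        }
    }
}
```

Filtering the delete on RowCause leaves manual shares and shares created under other sharing reasons on the same record untouched.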

18 comments:

  1. Really understandable article..
    Thanks for posting and sharing knowledge.

  2. Hello, I have browsed most of your posts. This post is probably where I got the most useful information for my research. Thanks for posting, maybe we can see more on this. Are you aware of any other websites on this subject?
  3. Hi There,

    Interesting piece! Great to see someone write Declarative Sharing Vs Apex Managed Sharing who is not a fanatic or a complete skeptic.

    I am trying to complete the Trailhead for Paths and Workspaces and am encountering an issue where I have to add an event via the quick action "New Event".

    This button does not exist on the page layout. I have added it to all Lead page layouts, the Lead object does not currently utilise record types and I have enabled the Lightning buttons override. Despite this, there is still no button appearing under Activity for "New Event" as the Trailhead indicates there should be.

    There are two threads on this issue that have been marked as SOLVED; however, the solutions posted there have not helped in resolving this issue for me.

    If anyone can help provide a solution that would be great. I would really like to complete this Trailhead!

    Appreciate your effort for making such useful blogs and helping the community.

    Many Thanks,
    Preethi.

  4. A small error in your last line:
    If record owner changes, then sharing created through apex managed sharing are maintained...

    This is not necessarily true. If you are using Apex Managed Sharing, and the RowCause is set to Manual (as opposed to a custom Apex Sharing Reason), then it will be deleted when the owner changes. So, if you want to maintain the Share, then use a custom Apex Sharing Reason.

    Replies
    1. Hi Alive,

      I have updated last line to make it more clear. Thanks for your feedback.

  5. Great job for publishing such a nice article. Your article isn’t only useful but it is additionally really informative. Thank you because you have been willing to share information with us.
  6. Hi Sunil,

    I came across your blog while studying for exam, I found the following statement incorrect:
    "For example, if external sharing default is set to Public Read-Only for custom object, then valid internal default settings will be Private and Public Read Only."

    My understanding is that Default External Access can't be more permissive than Internal. So in the above statement it must be "Public Read Only or Public read write"

    Replies
    1. You are correct, default external access must be more restrictive or equal to the default internal access.

    2. I also think so. So the statement should be updated to "For example, if internal sharing default is set to Public Read-Only for custom object, then valid external default settings will be Private and Public Read Only."

  7. In my opinion, it is useless to compare these two things. Every kind of this sharing has its own features and differences. Do you agree?

  8. The example is wrong. "For example, if external sharing default is set to Public Read-Only for custom object, then valid internal default settings will be Private and Public Read Only."
    Correct is if external sharing defaults is 'Read only' the internal default can be 'read only' or 'Read/write'.
