Sharing rules let us make automatic exceptions to
organization-wide defaults for particular groups of users. Sharing rules can
never be stricter than our org-wide default settings; we can only extend the
organization-wide default setting with sharing rules.
Example – If an object is Private under the org-wide default,
then we can extend the access to Public Read Only or Public Read/Write
with a sharing rule.
Salesforce provides a way to create sharing rules with
point and click alone, using the standard Salesforce functionality. You can set any
criteria and give access to the object’s records. Example – Suppose you need to
create a sharing rule for the Lead object: when the lead field “Is_public” becomes
true, you can easily add this as a criterion and give public access to a
particular user, group, etc.
But there are some cases where we can’t use the standard sharing
rule functionality, and that is why we need to create sharing rules with Apex.
Let’s take an example – I have a field “Reports to” on the Case object;
this field is a lookup to the User object, and we need to give public access to that
user for their particular record. Suppose that when a case is created and we select
some user in the “Reports to” field, we want to give public access to this
selected user for that record. This is not possible with standard sharing
rules. We need to create the sharing rule for the Case object via Apex.
Here I am sharing the code for creating a sharing rule for
any object via Apex. Each object has its own sharing object; for Case it is
“CaseShare”. We need to write a trigger on Case:
Example:
trigger ShareWithReportingMng on Case (after insert) {
    List<CaseShare> csShareList = new List<CaseShare>();
    for( Case cs : Trigger.new ) {
        if( cs.Reports_to__c != null ) {
            // Create a new CaseShare record for each case where the Reports_to__c field is not null.
            CaseShare csShare = new CaseShare();
            // Give read/write access to that user for this particular case record.
            csShare.CaseAccessLevel = 'Edit';
            // Assign the case Id of the case record.
            csShare.CaseId = cs.Id;
            // Assign the user Id to grant read/write access to this particular case record.
            csShare.UserOrGroupId = cs.Reports_to__c;
            csShareList.add( csShare );
        }
    }
    if( !csShareList.isEmpty() ) {
        try {
            insert csShareList;
        } catch( DmlException e ) {
            // Report each failure on the case whose share failed, not always on the first record.
            for( Integer i = 0; i < e.getNumDml(); i++ ) {
                Case failed = Trigger.newMap.get( csShareList[e.getDmlIndex(i)].CaseId );
                failed.Reports_to__c.addError( 'Error::::::' + e.getDmlMessage(i) );
            }
        }
    }
}
So now you can create sharing rules from Apex as above and
delete that sharing when needed with Apex (delete event).
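The trigger above only fires on insert, so changing “Reports to” later leaves the previous user with Edit access to the case. The following is an added example, not code from the original post, that handles the update case by deleting the old share and granting the new one; the trigger name SyncReportsToShare is hypothetical, and it assumes the shares were created with the default manual row cause.

```apex
// Added example. Trigger name is hypothetical; Reports_to__c is the post's lookup field.
trigger SyncReportsToShare on Case (after update) {
    Map<Id, Id> revoke = new Map<Id, Id>();   // Case Id -> previous Reports_to__c user
    List<CaseShare> grants = new List<CaseShare>();

    for (Case cs : Trigger.new) {
        Id oldUser = Trigger.oldMap.get(cs.Id).Reports_to__c;
        if (cs.Reports_to__c == oldUser) {
            continue; // lookup unchanged
        }
        if (oldUser != null) {
            revoke.put(cs.Id, oldUser);
        }
        if (cs.Reports_to__c != null) {
            grants.add(new CaseShare(CaseId = cs.Id,
                                     UserOrGroupId = cs.Reports_to__c,
                                     CaseAccessLevel = 'Edit'));
        }
    }

    if (!revoke.isEmpty()) {
        // Apex-inserted CaseShare rows default to RowCause 'Manual'. Owner and
        // rule-based rows cannot be deleted, so the filter skips them. Assumption:
        // nobody granted the same user a manual share by hand on the same case.
        List<CaseShare> stale = new List<CaseShare>();
        for (CaseShare s : [SELECT Id, CaseId, UserOrGroupId FROM CaseShare
                            WHERE CaseId IN :revoke.keySet()
                              AND UserOrGroupId IN :revoke.values()
                              AND RowCause = 'Manual']) {
            // The IN filters are per column; confirm the exact (case, user) pair.
            if (revoke.get(s.CaseId) == s.UserOrGroupId) {
                stale.add(s);
            }
        }
        delete stale;
    }

    // allOrNone = false: report a failed grant on its own case, not on the whole batch.
    Database.SaveResult[] results = Database.insert(grants, false);
    for (Integer i = 0; i < results.size(); i++) {
        if (!results[i].isSuccess()) {
            Case failed = Trigger.newMap.get(grants[i].CaseId);
            failed.Reports_to__c.addError(
                'Could not share case: ' + results[i].getErrors()[0].getMessage());
        }
    }
}
```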
Considerations and Limits of Sharing Rules
- Sharing Rules cannot be stricter than Organization Wide Defaults. If access needs to be restricted, another type of security should be used. Sharing rules are typically used to extend access to records.
- Manual Sharing is only available on individual records; it is not available for all records of a certain object.
- Sharing Rules are only applicable on records that have Private or Public Read Only access.
- With Sharing Rules you have the option to give read only or read/write access to records. We recommend being very conscious of what level of security users really need (i.e. is the access for informational purposes only or full collaboration).
- When setting Automatic and Manual Sharing, users and admins have the ability to define if the security should be extended to related records. Make sure that extending the security makes sense before making the final decision to give this access.
3 comments:
Superb article.. thank you for sharing..:)
Thanks. It is more helpful for me at initial level.
Records shared via Apex are not visible in community report.