Understanding Sharing in Apex Class

To enforce sharing rule on an apex class we use key work – with sharing or with out sharing.  And non-sharing-speficied classes – which is sometime really confusing.

By default Apex code run on the System Context, which means In System context apex code can access all Objects and fields – object permission, field-level security(FLS), sharing rules are not applied for the current user.

With Sharing –

with sharing means “With Security Sharing Setting enforced” for the current user for the class.

public with sharing class sharingClass {
// Code here
}

Without sharing

without sharing mean “without security sharing setting enforced” for the current user to the accessing class.

public without sharing class noSharingClass {
// Code here
}

Further Details –

  • The sharing setting of the class where method is defined is applied, not of the class where method is called.
    • For example –  if a method is defined in a class declared with with sharing is called by a class declared with without sharing, the method executes with sharing rules enforced
  • If a class is declared as “with sharing” then, the sharing settings apply to all code contained in the class, including initialization code, constructors and methods. However.
  • Both inner classes and outer classes can be declared as with sharing.
  • Inner Classes DO NOT inherit sharing settings from the container class.
  • Classes inherit this setting from a parent class when one class extends or implements another.
  • If a class is not declared either with sharing or without sharing, then by default, such a class is executed in system mode, i.e. without sharing mode; and current sharing rules remain in effect- which means that if any other class that has sharing enforced, calls such a non-specified-sharing class, then the called or non-specified-sharing class is executed in “with sharing” mode.
  • If class B extends class A, then all code in class B inherits the same sharing settings that class A . However, class B’s inner classes do not inherit class B’s sharing settings.
  • If a class is not declared either with sharing or without sharing, then by default, such a class is executed in system mode, i.e. without sharing mode; and current sharing rules remain in effect- which means that if any other class that has sharing enforced, calls such a non-specified-sharing class, then the called or non-specified-sharing class is executed in “with sharing” mode.
    • But If you run a class that has no sharing in Execute Anonymous, or in Chatter, it is treated as “with sharing.”
  • If a with sharing class calls a without sharing class, then the called method(s) will be executed in the mode of the class in which they were defined, in this case, the called method(s) will execute in without sharing mode.

 

  • public with sharing class A {}
  • public without sharing class B{}
  • public class C{}  // Class C is a non-specified-sharing class > without sharing
  1. class B extends A
    1. class B’s code now executes in class A’s mode, i.e. in “with sharing” mode. As the extended class A mode apply on class B.
  2. class B calls class A
    1. called code will now be executed in the mode of the class in which it was defined, in this case, in class A’s mode, i.e. in “with sharing” mode.
  3. class C calls class A
    1. called method’s code in class A will execute in class A’s mode, i.e. in “with sharing” mode.
  4. class C extends class A
    1. code in class C now executes in the parent class A’s mode, i.e. in “with sharing” mode.
  5. class A calls C
    1.  code in class C is executed in class C’s mode, i.e. in “without sharing” mode although it’s sharing settings are unspecified in the class’ declaration.
    2. Class C has no keyword so the caller class i.e class A decides the behaviour and hence sharing rules apply
  6. class A extends C
    1. class A’s code now executes in the parent class C’s mode, i.e. in “without sharing” mode.
    2. If A is “public with sharing class A extends C”, then it is “with sharing,”

NOTE – We can’t enforce field level security(FLS) or profile permissions with “with sharing,” as this would make code much more difficult to debug because of failures.

If you do not specify “with sharing” or “without sharing” for the inner class, it behaves according to the calling class mode, or “without sharing” if called directly.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s