Anuj Joshi 42

Without sharing controller to with sharing

Hi All,

I have a controller class which was previously written as without sharing. If I change it to with sharing will it have any impact?

Manish Choudhari
Hi Anuj,

Yes, if you change your controller to use the "with sharing" keyword, your controller will run in user context instead of system context.

System Context: If your code runs in system context, it has access to all records and ignores the sharing settings of the user. This means the running user can see all records that exist in your object even if the user does not have access to those records.

User Context: If your code runs in user context, it respects the user's sharing settings and returns only those records which the user has access to. The returned data will depend on the running user, as different users may have access to different records.

More on this: https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_classes_keywords_sharing.htm

So if you change the controller to "with sharing", your users may get fewer records based on the access the users have on the records.

Let me know if this answers your question and if you need further help on this.

Hi Anuj,

With sharing Keyword: This keyword enforces sharing rules that apply to the current user. If absent, code is run under default system context. Use the with sharing keywords when declaring a class to enforce the sharing rules that apply to the current user. Use With Sharing when the User has access to the records being updated via Role, Sharing Rules, Sales Teams – any sort of sharing really.

Without sharing keyword: Ensures that the sharing rules of the current user are not enforced. Use the without sharing keywords when declaring a class to ensure that the sharing rules for the current user are not enforced. For example, you may want to explicitly turn off sharing rule enforcement when a class acquires sharing rules when it is called from another class that is declared using with sharing. Without Sharing is reserved for cases where the User does not have access to the records, but there is a need to update them based on user input.

Some things to note about sharing keywords:
  • The sharing setting of the class where the method is defined is applied, not of the class where the method is called. For example, if a method defined in a class declared with with sharing is called by a class declared with without sharing, the method will execute with sharing rules enforced.
  • If a class isn’t declared as either with or without sharing, the current sharing rules remain in effect. This means that the class doesn’t enforce sharing rules except if it acquires sharing rules from another class. For example, if the class is called by another class that has sharing enforced, then sharing is enforced for the called class.
  • Both inner classes and outer classes can be declared as with sharing. The sharing setting applies to all code contained in the class, including initialization code, constructors, and methods.
  • Inner classes do not inherit the sharing setting from their container class.
  • Classes inherit this setting from a parent class when one class extends or implements another.
Hope it will help you to understand the concept of with or without sharing classes.

Thanks, let us know if it helps you
Anuj Joshi 42
Hi Manish,

I have a requirement that my without sharing controllers must be changed to with sharing as per my client's code review. I am not sure where to start.

Manish Choudhari
Hi Anuj,

There is no straightforward method to find the total impact of this. I would suggest you follow the points below:
1. Get the user details and their profile and role from your client for the users who will be accessing this controller (VF page) on a day-to-day basis. This will help you to find which users will be most impacted by this.
2. Check in your sandbox what access these users have and whether they will be impacted by the sharing settings. For this, run the controller first in without sharing mode and check how many records are being returned by the SOQL. Then run the controller again, signing in with the impacted user Ids, in with sharing mode. Compare the SOQL query results.
3. Provide the results to your customer and also explain "with sharing" and "without sharing" to him.
4. If your client is OK to proceed with "with sharing", that should be good.
5. If your client wants the users to see all records and also use "with sharing" at the same time, then I would suggest you create a Group for those users and use a "Sharing Rule" to grant access to those users.

Note: Try steps 2 and 3 for ~5 users so that you will get a better idea about the behaviour.

Let me know if any further help is needed on this.
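
The comparison in step 2 can be scripted. The following is an added example, not code from any poster in this thread: a sandbox-only Apex test that runs the same query in both sharing modes for each impacted user. It assumes the controller queries Account; the class name and the usernames are hypothetical placeholders.

```apex
// Added example for a sandbox. Assumptions: the controller's SOQL targets
// Account, and the usernames below are placeholders for the impacted users.
@IsTest(SeeAllData=true) // deliberately reads the sandbox's existing records
private class SharingImpactProbe {

    // Inner classes do not inherit the sharing setting of their container,
    // so each one declares its own mode around the identical query.
    private without sharing class SystemView {
        public Integer countRows() { return [SELECT COUNT() FROM Account]; }
    }

    private with sharing class UserView {
        public Integer countRows() { return [SELECT COUNT() FROM Account]; }
    }

    @IsTest
    static void compareCounts() {
        Set<String> usernames = new Set<String>{
            'impacted.user1@example.com.sandbox', // placeholder
            'impacted.user2@example.com.sandbox'  // placeholder
        };
        for (User u : [SELECT Id, Username FROM User
                       WHERE Username IN :usernames AND IsActive = true]) {
            // System.runAs applies the record sharing of the given user.
            System.runAs(u) {
                Integer allRows = new SystemView().countRows();
                Integer visibleRows = new UserView().countRows();
                System.debug(LoggingLevel.INFO, u.Username
                    + ' | without sharing: ' + allRows
                    + ' | with sharing: ' + visibleRows
                    + ' | hidden after change: ' + (allRows - visibleRows));
                // Enforcing sharing can only narrow the result set.
                System.assert(visibleRows <= allRows,
                    'with sharing returned more rows than without sharing');
            }
        }
    }
}
```

System.runAs enforces record sharing only, not user permissions or field-level security, so the counts reflect exactly the difference the sharing keyword makes. The per-user lines appear in the test run's debug log.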

farukh sk hd