+ Start a Discussion
Ketan Solanki29Ketan Solanki29 

Controller with @RemoteAction not enforcing with sharing

Hell Guys, 

I use "with sharing" keyword with class where i added @RemoteAction method but it not enforcing permissions, means it retriving all records rather than the user have access only records in query written inside the class method.

Thanks in Advance,
Ketan Solanki
Rohit B ☁Rohit B ☁
Hi Ketan,
In API releases up to 29, if a @RemoteAction method was called on a class that didn’t explicitly declare with sharing or without sharing, the method ran as though the class was declared with sharing. In other words, the default behavior was different for methods depending on whether they were invoked as part of a standard Visualforce request or a JavaScript remoting request. This wasn’t intended behavior.
Beginning with API 30.0, requests execute consistently, regardless of how the class is declared, or how the method is invoked:
  • By default, without a sharing declaration, the method operates in system mode, as though the class was declared without sharing.
  • Methods in classes declared without sharing operate in system mode.
  • Methods in classes declared with sharing respect the user’s organization-wide defaults, role hierarchy, and sharing rules.

Please refer the below link for more info :-
https://releasenotes.docs.salesforce.com/en-us/spring14/release-notes/rn_vf_remoting_apex_mode.htm

Hope it helps.. :)
Ketan Solanki29Ketan Solanki29
Thanks Rohit & Sourav for the quick reply.

I used "with sharing" keyword in controller when i use the @RemoteAction method which is controller for the Visualforce Component. also used "with sharing" keyword in controller of visualforce page where i am calling @RemoteAction method using JavaScript ( JavaScript Remoting ) but still the controller fetching records which user diden't have access.
Ketan Solanki29Ketan Solanki29
Thanks Rohit & Sourav for the quick reply.

I used "with sharing" keyword in controller when i use the @RemoteAction method which is controller for the Visualforce Component. also used "with sharing" keyword in controller of visualforce page where i am calling @RemoteAction method using JavaScript ( JavaScript Remoting ) but still the controller fetching records which user diden't have access.
Ketan Solanki29Ketan Solanki29
Sorry Guys,

It's my mistake , by mistake was calling wrong  Visualforce Component whoes controller doesn't have "with sharing" keyword in class defination. corrected the controller and now issue is fixed.

Thanks for the help
Dutta SouravDutta Sourav
Glad to know that Ketan. Please mark a Best Answer to help others in the community who might come with same issue.