+ Start a Discussion
Sivakumari2iSivakumari2i 

Sharing settings

Hi,

 

In my developer account i have created the following user.

 

 User1 - Administrator

 User2 - Standard User (User license - Salesforce).

 

User1 has creted a custom object Test__c and enabled permission set (Availability - True, Access - Read) for User2, so that User2 can view the records in  Test__c.

 

For the standard object Opportunity User1 has created following trigger,

 

trigger employee_id on Opportunity (after insert, after update)
{
    List<AggregateResult> result = [SELECT OwnerId, Sum(Amount)tvalue FROM Opportunity GROUP BY OwnerId];
    List<Test__c> mylist = new List<Test__c>();
    Set<Test__c> myset = new Set<Test__c>();    
    for (Opportunity s : Trigger.new)
     {
        for(AggregateResult ar : result)
        {
            Test__c mytest = new Test__c();
            mytest.User__c = string.valueOf(ar.get('OwnerId'));
            integer v = integer.valueOf(ar.get('tvalue'));
            mytest.Sum_opp__c = v;
            if(myset.add(mytest))
            {
                mylist.add(mytest);
            }
        }
     }
     try
     {
        insert mylist;
     }
     catch (system.Dmlexception e)
     {
        system.debug (e);
     }
}

 

User1 has created Sharing setting for standard object Opportunity and custom object Test__c as private, so that User1 can view all the records and User2 can view only his records as grant access using hierarchies is enabled.

 

But my problem is, when i run the trigger from both the user account, User2 can view the results of User1 in Test__c(custom Object).

But actually User2 cant view the Opportunity records of User1 due to sharing settings(private).

Similarly User2 must not be allowed to view the results of User1 in Test__c.

 

Is there any way to prevent that issue?

 

Regards,

S.Sivakumar

 

Best Answer chosen by Admin (Salesforce Developers) 
Parth_SevakParth_Sevak

both are same. OWD == Sharing Setting(Set up -> Security controls --> Sharing Settings).

 

You have already set Private to both object. And also make sure that no other settings like sharing rule/role heirarchy/apex sharing permit record visibility to user2. 

 

Then create class with "with sharing" keyword,  move all trigger logic in this class method. and just call it from trigger. 

 

With sharing key word does, make sure that trigger will run in current user context.

 

hope this will work.

All Answers

Parth_SevakParth_Sevak

As Opportunity & Test_c both OWD, set to 'Private'. So ideally records of User1 must be hidden from User2. 

With consideration that there is no other sharing exists, which may lead to expose User1 records to User2.

You can do one thing, Put all trigger code in one class, it must be declared  "With Sharing" keyword, So trigger will impose OWD.

Like,

public with sharing class updateRecords {

    //your method

}

 

Sivakumari2iSivakumari2i

I have set both the objects sharing setting to be private.

It gets violated when trigger is initiated by User2. User2 is able to view the records of User1 in cutom object Test__c.

Sivakumari2iSivakumari2i

What is mean by OWD?

 

Can you explain me clearly? How to use Sharing in Apex class?What is the use of it?

Parth_SevakParth_Sevak

both are same. OWD == Sharing Setting(Set up -> Security controls --> Sharing Settings).

 

You have already set Private to both object. And also make sure that no other settings like sharing rule/role heirarchy/apex sharing permit record visibility to user2. 

 

Then create class with "with sharing" keyword,  move all trigger logic in this class method. and just call it from trigger. 

 

With sharing key word does, make sure that trigger will run in current user context.

 

hope this will work.

This was selected as the best answer
Sivakumari2iSivakumari2i

Hey thanks.

It works perfectly if i declare the class as with sharing.

 

Thank u very much

 

Regards,

S.Sivakumar