+ Start a Discussion
CraigHCraigH 

Apex managed sharing giving exception when using a role

I am trying to create an apex managed sharing rule for a custom object where a share to a UserRole is setup.  As a test, I setup a Role, Group, custom object, sharing reason using the force.com UI and then ran this test method:

 

static testMethod void test() { UserRole testRole; Group testGroup; Custom_object__c obj; testGroup = [SELECT id from Group where name='test']; testRole = [SELECT id from UserRole where name='test']; obj = [SELECT id from Custom_object__c LIMIT 1];

 

// This works OK insert new Custom_object__Share(ParentId = obj.id, UserOrGroupId = testGroup.id, rowCause = Custom_object__Share.rowCause.Apex_test_share__c, AccessLevel = 'Edit');

 

 

// This gives an exception

insert new Custom_object__Share(ParentId = obj.id, UserOrGroupId = testRole.id, rowCause = Custom_object__Share.rowCause.Apex_test_share__c, AccessLevel = 'Edit'); }

 

 

When I try this, the share for the testGroup.id works ok, but the attempt to set UserOrGroupId to the testRole.id gives the following exception:

 

System.DmlException: Insert failed. First exception on row 0; first error: FIELD_INTEGRITY_EXCEPTION, User/Group ID: id value of incorrect type: 00EA0000000De5gMAC: [UserOrGroupId]

 

 

From the apex reference manual, it seems to indicate you can set the UserOrGroupId to a role:

 

UserOrGroupId The user or group IDs to which you are granting access. A group can be a public group, role, or territory. This field cannot be updated.

 

Does anybody have any ideas what this is not working?

Best Answer chosen by Admin (Salesforce Developers) 
bob_buzzardbob_buzzard
Where I've used this before (not very often, I hasten to add) I've created a Group where the members are Roles rather than trying to use the roles directly. 

All Answers

bob_buzzardbob_buzzard
Where I've used this before (not very often, I hasten to add) I've created a Group where the members are Roles rather than trying to use the roles directly. 
This was selected as the best answer
CraigHCraigH

If you use a group, does it stay up to date with any changes users in roles?

 

i.e.

 

Point in time A

-create 'managers' role

-for the user craig, make his role 'manager'

  -create a group  'all managers' and point it to the 'managers' role

 

-call apex code to setup a sharing rule between an object and the 'all managers group'

 

Point in time B

-lets say I goto the user craig and change his role to something else

-lets say I create a new user mark and make his role be 'manager'

 

Will things automatically get figured out based on the earlier sharing rule?  i.e. craig no longer has access but now mark does.  Note that in this example, neither craig or mark have anything to do with the owner of the custom object record - the owner says the same.

 

Or more generally when you setup a sharing rule to grant access to a group or role, when a user tries to access a record do the sharing rules get examined in real time to see if the user can access (vs being set at the time the rule was created)

 

bob_buzzardbob_buzzard

That's certainly my understanding and experience of how things work.  There wouldn't be much value to allowing groups of roles to be created if the role to user mapping was based on a single point in time snapshot.