+ Start a Discussion
Krystal D.  CarterKrystal D. Carter 

Revoking Sharing through Apex Triggers when Field Values Change

Hi,  

I need help.  I have successfully written a trigger (my first) which adds users in 3 fields as editors of a custom object record. Where I need help is if one or more of those users in those 3 fields change, I need the previous user to no longer have access to the record. 

For Example: 
VP Approver is John Smith -- Record is Saved -- John Smith is given RW access to the record --> VP Approve is changed to Mary Morton--> John Smith no longer has any access to the record and Mary Morton now has RW to the record. 

Here is my current code which is working fine to give VP Approver access, but it does not take the access away when the user is changed. Any help is much appreciated! 

trigger agreement_Sharing on Apttus__APTS_Agreement__c (after update) {

    // We only execute the trigger after a Agreement record has been inserted 
    // because we need the Id of the Agreement record to already exist.
    if(trigger.isUpdate){
        
     
    List<Apttus__APTS_Agreement__Share> sharesToDelete = [SELECT Id 
                                                FROM Apttus__APTS_Agreement__Share 
                                                WHERE ParentId IN :trigger.newMap.keyset() 
                                                AND RowCause = 'Requester Sharing'];
//if(!sharesToDelete.isEmpty()){
    //Database.Delete(sharesToDelete, false);
//} 
    // APTS_Agreement__Share is the "Share" table that was created when the
    // Organization Wide Default sharing setting was set to "Private".
    // Allocate storage for a list of APTS_Agreement__Share records.
    List<Apttus__APTS_Agreement__Share> agreementShares  = new List<Apttus__APTS_Agreement__Share>();
        
        

    // For each of the Agreement records being inserted, do the following:
    for(Apttus__APTS_Agreement__c agreement : trigger.new){

        // Create a new APTS_Agreement__Share record to be inserted in to the APTS_Agreement__Share table.
        Apttus__APTS_Agreement__Share agreementShare = new Apttus__APTS_Agreement__Share();
            
        // Populate the APTS_Agreement__Share record with the ID of the record to be shared.
        agreementShare.ParentId = agreement.Id;
            
        // Then, set the ID of user or group being granted access. In this case,
        // we’re setting the Id of the agreement that was specified by 
        // the User in the agreement__c lookup field on the Agreement record.  
        // (See Image 1 to review the Agreement object's schema.)
        agreementShare.UserOrGroupId = agreement.GP_APVL_C_Level__c;
        //agreementShare.UserOrGroupId = agreement.GP_APVL_Sr_Director__c;
        //agreementShare.UserOrGroupId = agreement.GP_APVL_VP__c;
        //agreementShare.UserOrGroupId = agreement.GP_APVL_Additional__c;
       
        
        // Specify that the agreement should have edit access for 
        // this particular Agreement record.
        agreementShare.AccessLevel = 'edit';
            
        // Specify that the reason the agreement can edit the record is 
        // because he’s the agreement.
        // (agreement_Sharing__c is the Apex Sharing Reason that we defined earlier.)
        agreementShare.RowCause = Schema.Apttus__APTS_Agreement__Share.RowCause.Requester_Sharing__c;
            
        // Add the new Share record to the list of new Share records.
        agreementShares.add(agreementShare);
    }
        
    for(Apttus__APTS_Agreement__c agreement : trigger.new){

        Apttus__APTS_Agreement__Share agreementShare = new Apttus__APTS_Agreement__Share();
        agreementShare.ParentId = agreement.Id;
        agreementShare.UserOrGroupId = agreement.GP_APVL_Sr_Director__c;
        agreementShare.AccessLevel = 'edit';
        agreementShare.RowCause = Schema.Apttus__APTS_Agreement__Share.RowCause.Requester_Sharing__c;
        agreementShares.add(agreementShare);
    }
        
    for(Apttus__APTS_Agreement__c agreement : trigger.new){

        Apttus__APTS_Agreement__Share agreementShare = new Apttus__APTS_Agreement__Share();
        agreementShare.ParentId = agreement.Id;
        agreementShare.UserOrGroupId = agreement.GP_APVL_VP__c;
        agreementShare.AccessLevel = 'edit';
        agreementShare.RowCause = Schema.Apttus__APTS_Agreement__Share.RowCause.Requester_Sharing__c;
        agreementShares.add(agreementShare);
    } 
        
    for(Apttus__APTS_Agreement__c agreement : trigger.new){

        Apttus__APTS_Agreement__Share agreementShare = new Apttus__APTS_Agreement__Share();
        agreementShare.ParentId = agreement.Id;
        agreementShare.UserOrGroupId = agreement.GP_APVL_Additional__c;
        agreementShare.AccessLevel = 'edit';
        agreementShare.RowCause = Schema.Apttus__APTS_Agreement__Share.RowCause.Requester_Sharing__c;
        agreementShares.add(agreementShare);
    }
    // Insert all of the newly created Share records and capture save result 
    Database.SaveResult[] agreementShareInsertResult = Database.insert(agreementShares,false);
        
    // Error handling code omitted for readability.
    }
}
Best Answer chosen by Krystal D. Carter
KaranrajKaranraj
Hi Krystal - Can you try the update code below
trigger removeSharing on Apttus__APTS_Agreement__c(after update){
Set<String> userIdList = new Set<String>();
set<id> parentIdSet = new set<id>();
List<Apttus__APTS_Agreement__Share> removeApptusShare = new List<Apttus__APTS_Agreement__Share>();

for(Apttus__APTS_Agreement__c apts: Trigger.new){
	if(apts.GP_APVL_Additional__c != Trigger.oldMap.get(apts.Id).GP_APVL_Additional__c){
		userIdList.add(apts.GP_APVL_Additional__c+'-'+apts.Id);
		parentIdSet.add(apts.Id);
	}
	if(apts.GP_APVL_VP__c != Trigger.oldMap.get(apts.Id).GP_APVL_VP__c){
		userIdList.add(apts.GP_APVL_VP__c+'-'+apts.Id);
		parentIdSet.add(apts.Id);
	}
	if(apts.GP_APVL_Sr_Director__c != Trigger.oldMap.get(apts.Id).GP_APVL_Sr_Director__c){
		userIdList.add(apts.GP_APVL_Sr_Director__c+'-'+apts.Id);
		parentIdSet.add(apts.Id);
	}
}
	
for(Apttus__APTS_Agreement__Share accShare: [select id,ParentId from Apttus__APTS_Agreement__Share where ParentId IN: parentIdSet and UserOrGroupId IN:userIdList]){
 if(userIdList.Contains(accShare.UserOrGroupId+'-'+accShare.ParentId)){
    removeApptusShare.add(accShare);
 }
}

if(removeApptusShare.size() > 0)
	delete removeApptusShare;
}

 

All Answers

Prabhat Kumar12Prabhat Kumar12
If you want remove "John Smith" from sharing table you need to use trigger.old and get the old id of VP Approver field and query Sharing table with old id and then delete it.

You can refer following link for more information.

http://www.sfdc99.com/2014/04/06/example-how-to-write-an-advanced-trigger/
KaranrajKaranraj
Hi Krystal - Try the below code logic in your trigger
trigger removeSharing on Apttus__APTS_Agreement__c(after update){
List<id> userIdList = new List<id>();
set<id> parentIdSet = new set<id>();
map<id,Apttus__APTS_Agreement__Share> mapApptusShare = new map<id,Apttus__APTS_Agreement__Share>();
for(Apttus__APTS_Agreement__c apts: Trigger.new){
	if(apts.GP_APVL_Additional__c != Trigger.oldMap.get(apts.Id).GP_APVL_Additional__c){
		userIdList.add(apts.GP_APVL_Additional__c);
		parentIdSet.add(apts.Id);
	}
	if(apts.GP_APVL_VP__c != Trigger.oldMap.get(apts.Id).GP_APVL_VP__c){
		userIdList.add(apts.GP_APVL_VP__c);
		parentIdSet.add(apts.Id);
	}
	if(apts.GP_APVL_Sr_Director__c != Trigger.oldMap.get(apts.Id).GP_APVL_Sr_Director__c){
		userIdList.add(apts.GP_APVL_Sr_Director__c);
		parentIdSet.add(apts.Id);
	}
}

List<Apttus__APTS_Agreement__Share> removeApptusShare = [select id from Apttus__APTS_Agreement__Share where ParentId IN: parentIdSet and GP_APVL_Additional__c IN:userIdList or GP_APVL_VP__c IN: userIdList or GP_APVL_Sr_Director__c:userIdList];		
if(removeApptusShare.size() > 0)
	delete removeApptusShare;
}

 
Krystal D.  CarterKrystal D. Carter
You guys are awesome! Let me try it, and i'll report back! 
Krystal D.  CarterKrystal D. Carter
This isn't working for me. it's giving me an error for the "OR" series in your list, Karanaj. :( 
KaranrajKaranraj
Hi Krystal - Can you try the update code below
trigger removeSharing on Apttus__APTS_Agreement__c(after update){
Set<String> userIdList = new Set<String>();
set<id> parentIdSet = new set<id>();
List<Apttus__APTS_Agreement__Share> removeApptusShare = new List<Apttus__APTS_Agreement__Share>();

for(Apttus__APTS_Agreement__c apts: Trigger.new){
	if(apts.GP_APVL_Additional__c != Trigger.oldMap.get(apts.Id).GP_APVL_Additional__c){
		userIdList.add(apts.GP_APVL_Additional__c+'-'+apts.Id);
		parentIdSet.add(apts.Id);
	}
	if(apts.GP_APVL_VP__c != Trigger.oldMap.get(apts.Id).GP_APVL_VP__c){
		userIdList.add(apts.GP_APVL_VP__c+'-'+apts.Id);
		parentIdSet.add(apts.Id);
	}
	if(apts.GP_APVL_Sr_Director__c != Trigger.oldMap.get(apts.Id).GP_APVL_Sr_Director__c){
		userIdList.add(apts.GP_APVL_Sr_Director__c+'-'+apts.Id);
		parentIdSet.add(apts.Id);
	}
}
	
for(Apttus__APTS_Agreement__Share accShare: [select id,ParentId from Apttus__APTS_Agreement__Share where ParentId IN: parentIdSet and UserOrGroupId IN:userIdList]){
 if(userIdList.Contains(accShare.UserOrGroupId+'-'+accShare.ParentId)){
    removeApptusShare.add(accShare);
 }
}

if(removeApptusShare.size() > 0)
	delete removeApptusShare;
}

 
This was selected as the best answer
Ketan Parab 7Ketan Parab 7
@Karanraj Line 21 to be updated,
trigger removeSharing on Apttus__APTS_Agreement__c(after update){
Set<String> userIdList = new Set<String>();
set<id> parentIdSet = new set<id>();
List<Apttus__APTS_Agreement__Share> removeApptusShare = new List<Apttus__APTS_Agreement__Share>();

for(Apttus__APTS_Agreement__c apts: Trigger.new){
	if(apts.GP_APVL_Additional__c != Trigger.oldMap.get(apts.Id).GP_APVL_Additional__c){
		userIdList.add(apts.GP_APVL_Additional__c+'-'+apts.Id);
		parentIdSet.add(apts.Id);
	}
	if(apts.GP_APVL_VP__c != Trigger.oldMap.get(apts.Id).GP_APVL_VP__c){
		userIdList.add(apts.GP_APVL_VP__c+'-'+apts.Id);
		parentIdSet.add(apts.Id);
	}
	if(apts.GP_APVL_Sr_Director__c != Trigger.oldMap.get(apts.Id).GP_APVL_Sr_Director__c){
		userIdList.add(apts.GP_APVL_Sr_Director__c+'-'+apts.Id);
		parentIdSet.add(apts.Id);
	}
}
	
for(Apttus__APTS_Agreement__Share accShare: [select id,ParentId from Apttus__APTS_Agreement__Share where ParentId IN: parentIdSet ]){
 if(userIdList.Contains(accShare.UserOrGroupId+'-'+accShare.ParentId)){
    removeApptusShare.add(accShare);
 }
}

if(removeApptusShare.size() > 0)
	delete removeApptusShare;
}