With Sharing Keyword and Without Sharing Keyword

System mode -
  • System mode means running Apex code while ignoring the user's permissions. For example, the logged-in user does not have create permission but is still able to create a record.
  • That is, even though the user does not have the necessary profile-level, record-level or field-level permission, they can still perform any operation on the record.
  • In system mode, Apex code has access to all objects and fields: object permissions, field-level security and sharing rules aren't applied for the current user. This ensures that code won't fail to run because of fields or objects hidden from a user.
  • In Salesforce, all Apex code runs in system mode and ignores the user's permissions. The only exceptions are anonymous blocks (such as those run from the Developer Console) and standard controllers. Even the runAs() method doesn't enforce user permissions or field-level permissions; it only enforces record sharing.

User mode -
  • User mode means running Apex code while respecting the user's permissions and record sharing. For example, the logged-in user does not have create permission and so is not able to create a record.
  • All profile-level permissions, sharing rules and field-level security are enforced in Apex if it runs in user mode.
  • In Salesforce, only standard controllers and anonymous blocks (such as those run from the Developer Console) run in user mode.

Without Sharing keyword -
  • The 'without sharing' keyword ensures that the sharing rules (not permissions) for the current user are not enforced.
  • Example - Consider that the OWD for Account is Private, no account records are owned by or shared with a user 'u', and a "without sharing" class called MyClass fetches account records into a list. If MyClass is run by user 'u', the account records will be fetched. Remember that the records are fetched whether user 'u' has full CRUD or no CRUD.

With Sharing keyword -
  • The 'with sharing' keyword lets you specify that the sharing rules (and not permissions) for the current user are taken into account for a class. You have to set this keyword explicitly on the class because Apex code runs in system mode.
  • Example - Consider that the OWD for Account is Private, no account records are owned by or shared with a user 'u', and a "with sharing" class called MyClass fetches account records into a list. If MyClass is run by user 'u', no records will be fetched. Remember that the records are not fetched whether user 'u' has full CRUD or no CRUD.

Some more things to note about sharing keywords:
  1. The sharing setting of the class where the method is defined is applied, not that of the class where the method is called. For example, if a method defined in a class declared with the 'with sharing' keyword is called by a class declared with the 'without sharing' keyword, the method executes with sharing rules enforced.
  2. If a class isn't declared as either with or without sharing, the current sharing rules remain in effect. This means that if the class is called by a class that has sharing enforced, then sharing is enforced for the called class.
  3. Both inner classes and outer classes can be declared as with sharing. The sharing setting applies to all code contained in the class, including initialization code, constructors, and methods.
  4. Inner classes do not inherit the sharing setting from their container class.
  5. Classes inherit this setting from a parent class when one class extends or implements another.

Note
  1. If a class isn't declared as either with or without sharing and no calling class enforces sharing, the class executes without sharing by default.
  2. As the keywords 'with sharing' and 'without sharing' themselves suggest, they have nothing to do with permissions on objects and fields. They only play a role in selecting records on a sharing basis.

When a class is executing in system mode, keep three things in mind:

  1. Even though you don't have CRUD permissions at the profile level, you can perform all DML operations on records.
  2. FLS defaults to editable: even if the profile restricts editing a field, you can still edit that field.
  3. The OWD is effectively Public Read/Write, so you don't need to think about manual sharing, Apex sharing, roles or sharing rules.


1. If we don't write the keyword "with sharing" in a class declaration, the class runs in system mode, so why was the keyword "without sharing" introduced in Apex?

Ans: Let's take an example. classA is declared using "with sharing" and calls a classB method. classB is not declared with any keyword, so by default "with sharing" is applied to it because the originating call comes through classA. To avoid this, we have to explicitly declare classB with the keyword "without sharing".
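
The calling rules from the notes above and from this answer, written out as an added example that is not part of the original post. All class names are hypothetical, each top-level class would live in its own .cls file, and the scenario is the page's own: Account OWD is Private and user 'u' owns no accounts.

```apex
// Added illustration; all class names are hypothetical.

// No sharing keyword: takes the sharing context of the class that calls it.
public class AccountCounter {
    public static Integer countAll() {
        return [SELECT COUNT() FROM Account];
    }
}

// Sharing enforced for code defined here, and passed on to AccountCounter.
public with sharing class SharedEntry {
    // Counts only accounts owned by or shared with the running user.
    public static Integer own() {
        return [SELECT COUNT() FROM Account];
    }
    // AccountCounter has no keyword, so this call keeps sharing enforced.
    public static Integer viaCounter() {
        return AccountCounter.countAll();
    }
    // The method is defined in a 'without sharing' class, so that class's
    // setting applies to the query even though the caller enforces sharing.
    public static Integer viaElevated() {
        return ElevatedEntry.own();
    }
}

// Sharing rules ignored for code defined here.
public without sharing class ElevatedEntry {
    // Counts every account regardless of ownership or sharing.
    public static Integer own() {
        return [SELECT COUNT() FROM Account];
    }
    // AccountCounter inherits 'without sharing' from this caller.
    public static Integer viaCounter() {
        return AccountCounter.countAll();
    }
    // Defined in a 'with sharing' class, so sharing is enforced again.
    public static Integer viaShared() {
        return SharedEntry.own();
    }
}
```

The same AccountCounter.countAll() method therefore returns different row counts for user 'u' depending on which entry class reached it, which is why a helper that must always bypass or always enforce sharing should declare its keyword explicitly.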

2. What is the difference between system mode (system context) and user mode (user context)?

System Mode: The current logged-in user's permissions (object-level, field-level and record-level security) are not considered. Even though the user doesn't have access, the code runs with full permissions.
User Mode: The current logged-in user's permissions (object-level, field-level and record-level security) are considered.
Note: To apply security in an Apex class, we can use 'with sharing' when declaring the class. 'With sharing' applies only record-level security. It doesn't apply object-level or field-level security.
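
Because 'with sharing' covers only the record level, a class that must respect all three layers has to check CRUD and FLS itself. The following is an added example, not code from the original post; AccountReader and its members are hypothetical names, and it relies on the standard Schema describe checks and Security.stripInaccessible.

```apex
// Added example; AccountReader and its members are hypothetical names.
public with sharing class AccountReader {
    public class AccessDeniedException extends Exception {}

    // Read path: object-, record- and field-level checks applied in turn.
    public static List<Account> listAccounts() {
        // Object-level: 'with sharing' does not check CRUD, so check it here.
        if (!Schema.sObjectType.Account.isAccessible()) {
            throw new AccessDeniedException('No read access to Account');
        }
        // Record-level: 'with sharing' limits rows to those the user can see.
        List<Account> rows =
            [SELECT Id, Name, Phone, AnnualRevenue FROM Account LIMIT 200];
        // Field-level: drop fields the user's FLS does not allow reading.
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, rows);
        return (List<Account>) decision.getRecords();
    }

    // Write path: verify edit rights on the object and the field before DML.
    public static void renameAccount(Id accountId, String newName) {
        if (!Schema.sObjectType.Account.isUpdateable()
                || !Schema.sObjectType.Account.fields.Name.isUpdateable()) {
            throw new AccessDeniedException('No edit access to Account.Name');
        }
        // With sharing enforced, a record the user cannot see returns no rows.
        List<Account> rows =
            [SELECT Id FROM Account WHERE Id = :accountId LIMIT 1];
        if (rows.isEmpty()) {
            throw new AccessDeniedException('Account not visible to the running user');
        }
        rows[0].Name = newName;
        update rows[0];
    }
}
```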
