As an application developer, we highly recommend that you
declare all your Apex controllers “with sharing” in order to ensure that you’re
respecting the sharing rules configured by an org administrator. However, there
are legitimate use cases where a controller must run in system context (without

You should provide an org administrator the ability to explicitly
approve such behavior to avoid leakage of data to unauthorized users. Details
on implementing such functionality can be found in the following discussion
board post:


-Varun Badhwar

Get the latest Salesforce Developer blog posts and podcast episodes via Slack or RSS.

Add to Slack Subscribe to RSS