Sharing and Security – Best Practices

As an application developer, we highly recommend that you
declare all your Apex controllers “with sharing” in order to ensure that you’re
respecting the sharing rules configured by an org administrator. However, there
are legitimate use cases where a controller must run in system context (without

You should provide an org administrator the ability to explicitly
approve such behavior to avoid leakage of data to unauthorized users. Details
on implementing such functionality can be found in the following discussion
board post:


-Varun Badhwar

September 13, 2010

Leave your comments...

Sharing and Security – Best Practices