Enforce Sharing Rules

In Apex, sharing rules are always enforced by default. Use the with sharing, without sharing, and inherited sharing keywords to control record-level security. If you don't want sharing rules to be enforced, then you must declare a class with the without sharing keyword.

Apex code that is executed with the executeAnonymous call and Connect in Apex always execute using the sharing rules of the current user. See Anonymous Blocks.

Note

Sharing rules are distinct from, and can co-exist with object-level and field-level permissions. While with sharing is the default sharing mode, Salesforce recommends that you use keyword declarations on all your classes to make your code easier to maintain. For more information, see Use the with sharing, without sharing, and inherited sharing Keywords.

Using the with sharing keyword doesn’t enforce the user’s permissions and field-level security.

Note

This example has two classes, the first class (CWith) enforces sharing rules while the second class (CWithout) doesn’t. The CWithout class calls a method from the first, which runs with sharing rules enforced. The CWithout class contains an inner class, in which code executes under the same sharing context as the caller. It also contains a class that extends it, which inherits its without sharing setting.

1public with sharing class CWith {
2  // All code in this class operates with enforced sharing rules.
3
4  Account a = [SELECT . . . ];
5
6  public static void m() { . . . }
7  
8  static {
9    . . .
10  }
11
12  {
13    . . .
14  }
15
16  public void c() {
17    . . .
18  } 
19}
20
21public without sharing class CWithout {
22  // All code in this class ignores sharing rules and operates 
23  // as if the context user has the Modify All Data permission.
24  Account a = [SELECT . . . ];
25  . . .
26
27  public static void m() {  
28     . . . 
29
30    // This call into CWith operates with enforced sharing rules
31    // for the context user. When the call finishes, the code execution 
32    // returns to without sharing mode.
33    CWith.m();
34  }
35
36
37  public class CInner {
38    // All code in this class executes with the same sharing context
39    // as the code that calls it. 
40    // Inner classes are separate from outer classes.
41    . . .
42
43    // Again, this call into CWith operates with enforced sharing rules
44    // for the context user, regardless of the class that initially called this inner class.
45    // When the call finishes, the code execution returns to the sharing mode that was used to call this inner class.
46    CWith.m();
47  }
48
49  public class CInnerWithOut extends CWithout {
50    // All code in this class ignores sharing rules because
51    // this class extends a parent class that ignores sharing rules.
52  }
53}

Because a class declared as with sharing can call a class declared as without sharing, you may still have to implement class-level security. In addition, all SOQL and SOSL queries that use Pricebook2 ignore the with sharing keyword. All price books are returned, regardless of the applied sharing rules.

Warning

Enforcing the current user's sharing rules can impact:

  • SOQL and SOSL queries. A query can return fewer rows than it would operating in system context.
  • DML operations. An operation can fail because the current user doesn't have the correct permissions. For example, if the user specifies a foreign key value that exists in the organization, but which the current user doesn’t have access to, then the DML operation fails.

Versioned Behavior Changes

In API version 67.0 and later, classes without an explicit sharing declaration are run in the current user context. In API version 66.0 and earlier, for classes without an explicit sharing declaration, the current sharing rule remains in effect.