UseWithSharingOnDatabaseOperation (Generally Available)

The UseWithSharingOnDatabaseOperation rule identifies database operations in classes annotated as without sharing. It also warns of database operations in classes that inherit with sharing implicitly instead of explicitly using inherited sharing.

With Salesforce sharing rules, you can control who has access to which records, but it's your responsibility to ensure that your Apex code respects sharing rules by declaring classes with a sharing model.

  • with sharing causes database transactions in a class to respect sharing rules. It's the default recommendation.
  • without sharing causes database transactions in a class to ignore sharing rules. Use with caution.
  • inherited sharing causes database transactions in a class to inherit the sharing model of the class that called it. Use for classes that require flexibility.

To protect user data in Apex, use with sharing or inherited sharing whenever possible.

Source

@AuraEnabled-annotated methods. @InvocableMethod-annotated methods. @NamespaceAccessible-annotated methods. @RemoteAction-annotated methods. Any method returning a PageReference object. public-scoped methods on Visualforce Controllers. global-scoped methods on any class. Messaging.InboundEmailResult handleInboundEmail() methods on implementations of Messaging.InboundEmailHandler. Any method targeted during invocation.

Sink

Any database operation.

Sanitizer

Class-level with sharing or inherited sharing annotation.

Match any violation message that you receive with these cases to understand more about the violation.

Database operation must be executed from a class that enforces sharing rules.

The database operation occurs in a without sharing context, either because it occurs in a class annotated without sharing or because its class inherits sharing from a without sharing class. To resolve this violation, add with sharing or inherited sharing to the class.

The database operation’s class implicitly inherits a sharing model from %s %s. Explicitly assign a sharing model instead.

This warning is thrown when a database operation occurs in a class that has no explicitly declared sharing model, so it implicitly inherits with sharing from its calling class. Even though the operation is secure in this specific case, it isn’t secure by default. Explicitly assign this class a sharing model to make it secure by default.