Record Sharing

Record Sharing

• OWDs - Organization-Wide Defaults
• Manual Sharing
• Sharing Rules - Owner based, criteria-based
• Permission Set
• Roles
• Profiles 

If Territory management is enabled, Account access and opportunity assignment based on the territory can be managed.

OWD : 

    levels of access

• Public Read/Write/Transfer
• Public Read/Write
• Public Read/Only
• Private         

Apex Sharing:

    This helps to share a record programmatically.

    For each sObject, there is a corresponding sObject__share object. Need to insert records with sharing record id and the user or group id to whom record needs to be shared.

    Need to assign an accessLevel(Read)

    

Apex with Sharing and Without-sharing:

  Two contexts:

•   System context is associated with "without-sharing" it ignores the sharing model and has access to everything
•   Triggers, custom web services, visual force custom controllers and custom extensions and test run in this context,
•   User Context associated with "With Sharing" returns only records that are associated with the current user.
•   Anonymous blocks, Visual force standard controllers, and extensions run in this context.

  Even though test classes are run in the system context, we can use system.runAs to emulate user.
  Hence with sharing respects the sharing model and without sharing ignores the sharing model.
  Every trigger by default uses system context so all the records are visible despite the sharing model. If we are planning to use "with sharing", write all the login in another class and mark it as with sharing and call that method from the trigger.