Understanding ‘with sharing,’ ‘without sharing,’ and ‘inherited sharing’ in Salesforce

Understanding “with sharing,” “without sharing,” and “inherited sharing”

Imagine you’re running a magical library. Different sections of the library have unique rules. Some areas are open to everyone, some only to premium members, and others depend on the librarian’s current mood. Salesforce’s sharing keywords—with sharing, without sharing, and inherited sharing—work much the same way. They decide who can access what and when, just like those library rules.

Today, let’s explore these keywords in Salesforce Apex classes in a fun and easy way. By the end of this post, you’ll know how to make these sharing decisions for your own “magical Salesforce library.”

Why Do Sharing Rules Matter?

Before diving in, let’s address an important question: why care about sharing rules? Salesforce is all about managing data securely. You don’t want every user to access sensitive information like salaries or confidential business plans. Sharing rules define which users can view or edit which records.

Meet the Keywords: with sharing, without sharing, and inherited sharing

1. With Sharing: Playing by the Rules

This is like a librarian following strict access policies. If a premium member can’t enter the VIP section, the librarian honors that rule.

When you write an Apex class using with sharing, it respects the sharing settings of the user running the code. It checks if the user has permission to access specific records.

Revolutionize Your Business With Generative AI

From product design and software development to virtual agents, content creation, and reporting, GenAI is transforming business. Our AI experts help you unlock GenAI’s full potential and drive growth.

Let’s Get Started

Example:

public with sharing class LibraryWithSharing {

    public void displayBooks() {

        // Only books the current user is allowed to see will be retrieved

        List<Book__c> books = [SELECT Name FROM Book__c];

    }

}

• If the user running this code doesn’t have access to a certain book, that book won’t appear in the results.
• Use with sharing for classes dealing with sensitive data to prevent unauthorized access.

2. Without Sharing: The Librarian Goes Rogue

Imagine the librarian decides, “Forget the rules—I’ll show everything to everyone!” That’s without sharing. The code ignores sharing rules and displays all records, whether or not the user has access.

Example:

public without sharing class LibraryWithoutSharing {

    public void displayBooks() {

        // Retrieves all books, ignoring user permissions

        List<Book__c> books = [SELECT Name FROM Book__c];

    }

}

• Useful for admin-related tasks, like system processes or data cleanup, where permissions shouldn’t block the functionality.
• Be careful! Overusing without sharing can expose sensitive data unintentionally.

3. Inherited Sharing: Go with the Flow

This is like a librarian saying, “Let’s follow the rules set by the head librarian today.” With inherited sharing, the Apex class follows the sharing rules of the class or context that called it.

Example:

public inherited sharing class LibraryInheritedSharing {

    public void displayBooks() {

        // Follows the sharing rules of the calling context

        List<Book__c> books = [SELECT Name FROM Book__c];

    }

}

• Introduced in Summer ’21, this keyword is perfect for utility or helper classes that should adapt to their caller’s context.
• If the calling context uses with sharing, the helper class respects that. If it’s without sharing, the helper adapts accordingly.

How Do You Decide Which Keyword to Use?

The choice depends on your requirements:

• Use with sharing when you need to honor user permissions and protect sensitive data. For instance, in customer-facing applications where users should only see their own records.
• Use without sharing when permissions could interfere with critical processes like batch jobs or system integration.
• Use inherited sharing for versatile utility classes that need to adapt dynamically.

Common Questions Answered

1. What happens if I don’t specify any keyword?
   If no keyword is mentioned, Apex defaults to running in “system mode.” This means sharing rules are ignored, similar to without sharing. Be cautious, as it might expose data unexpectedly.
2. Can I mix these keywords in one class?
   No. A class can only have one sharing declaration. However, you can call another class with a different sharing keyword to combine behaviors.
3. What about triggers?
   Triggers always run in system mode. To enforce sharing rules within a trigger, call an Apex class declared as with sharing from the trigger.

A Real-Life Analogy

Imagine you’re organizing a wedding guest list:

• With Sharing: Only people invited by the bride or groom can enter.
• Without Sharing: The doors are wide open—anyone can walk in.
• Inherited Sharing: The wedding planner decides entry rules based on whether it’s a private or public event.

Key Takeaways (Your Cheat Sheet)

• With Sharing: Respects user permissions and sharing rules.
• Without Sharing: Ignores sharing rules—handle with caution!
• Inherited Sharing: Follows the sharing rules of the calling context—great for helper classes.

Understanding these sharing keywords ensures your Salesforce environment stays secure while meeting business needs. As you write more Apex code, these principles will become second nature—just like knowing which library sections are for premium members.

Happy coding! 😊