I am working on a scenario where records created by users with permission set 'A' should be visible to users with permission set 'B'. On googling, I came across Apex sharing of a record programmatically. However, the one thing I could not understand is the usage of rowCause and the difference between using the manual rowCause and a custom rowCause. I don't see what difference it makes if one uses a custom rowCause (using a sharing reason) instead of the manual rowCause.
[SalesForce] apex record sharing with and without manual rowcause
Related Solutions
[SalesForce] Record sharing using lookup field criteria using apex (similar to controlled by parent)
"Controlled by parent" option is only available in Master-Detail relationship.
You can use Apex to share records. Every custom object has its Share object created by default; __Share. You only get the Share object created if OWD is Private/Read Only.
So if custom object name is Job, it will look like this:
    // userOrGroupId is a placeholder: the Id of the user or group to grant
    // access to, resolved before this loop runs.
    List<Job__Share> jobShareList = new List<Job__Share>();
    for (Job__c job : Trigger.new) {
        Job__Share jobShr = new Job__Share();
        // Set the ID of the record being shared.
        jobShr.ParentId = job.Id;
        // Set the ID of the user or group being granted access.
        jobShr.UserOrGroupId = userOrGroupId;
        // Set the access level. Can be Edit or Read.
        jobShr.AccessLevel = 'Edit';
        jobShr.RowCause = Schema.Job__Share.RowCause.Manual;
        jobShareList.add(jobShr);
    }
    // Inserting a list returns one SaveResult per share row.
    Database.SaveResult[] srList = Database.insert(jobShareList);
This will handle the records in bulk.
With the help of Eric I am going to try to answer my question by myself:
CRUD and FLS are part of metadata, so information about (custom) objects in general. With the Schema Class one should determine CRUD/FLS of objects, not records. Although you can receive the DescribeSObjectResult for a record and the results might differ whether you own a record or not, you should use the Schema Class only to describe objects, not records.
Coming to access to records, one can filter out records the current user has no access to with the with sharing keyword for classes, however this only partially describes record access. with sharing does not describe CRUD/FLS permission, but merely states that a record is owned by or shared with the current user, but not even if the current user has read access.
So if you really want to find out on a record level which access (any) user has to a specific record, a SOQL Query to the table UserRecordAccess is required, further information can be obtained here.
If nobody objects or has further additions, I will mark this as the correct answer in a couple of days.
Best Answer
RowCause helps you to debug the sharing for a specified user and keeps the Share table organized.
"Manual" is designated for RowCause by the system in case of manual sharing that happens through the UI by clicking on the Share button, while custom RowCauses are meant to be used with Apex sharing.
Create a "RowCause" on your object and keep the label something meaningful so it's easier to debug later on in case sharing records are missing.
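The difference described in this answer, as an added example that is not code from any of the posts above: share rows tagged with a custom reason can be granted, audited and revoked as a group without touching the rows users created with the Share button. The class name, its method names and the Apex sharing reason `Team_Access__c` on `Job__c` are hypothetical.

```apex
// Added example. Assumes Job__c has a Private or Read Only OWD and an Apex
// sharing reason with API name Team_Access__c (hypothetical).
public class JobTeamSharing {

    // Grant Read access on each job, tagged with the custom reason.
    // Unlike Manual rows, rows with an Apex sharing reason are kept when
    // the record owner changes.
    public static void grant(Set<Id> jobIds, Id userOrGroupId) {
        List<Job__Share> shares = new List<Job__Share>();
        for (Id jobId : jobIds) {
            shares.add(new Job__Share(
                ParentId = jobId,
                UserOrGroupId = userOrGroupId,
                AccessLevel = 'Read',
                RowCause = Schema.Job__Share.RowCause.Team_Access__c));
        }
        // allOrNone = false: one rejected row does not roll back the others.
        Database.SaveResult[] results = Database.insert(shares, false);
        for (Integer i = 0; i < results.size(); i++) {
            if (!results[i].isSuccess()) {
                System.debug(LoggingLevel.ERROR, 'Share failed for '
                    + shares[i].ParentId + ': '
                    + results[i].getErrors()[0].getMessage());
            }
        }
    }

    // Revoke only what this code granted. Rows with RowCause Manual
    // (created through the Share button) are left in place.
    public static void revoke(Set<Id> jobIds) {
        delete [SELECT Id FROM Job__Share
                WHERE ParentId IN :jobIds
                AND RowCause = :Schema.Job__Share.RowCause.Team_Access__c];
    }

    // Audit helper: who has access to one record, grouped by RowCause.
    public static Map<String, List<Id>> accessByReason(Id jobId) {
        Map<String, List<Id>> byReason = new Map<String, List<Id>>();
        for (Job__Share s : [SELECT RowCause, UserOrGroupId FROM Job__Share
                             WHERE ParentId = :jobId]) {
            if (!byReason.containsKey(s.RowCause)) {
                byReason.put(s.RowCause, new List<Id>());
            }
            byReason.get(s.RowCause).add(s.UserOrGroupId);
        }
        return byReason;
    }
}
```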