[SalesForce] Grant Read/Write/Delete access via Apex Managed Sharing

Assume we have many groups of customer portal users and each group has an account that represents their company. We'd like each group of users to have full Read/Write/Delete access to each other's records, but no access to any other group's (account's) records. In all objects, each record has an external ID field that starts with a group-specific combination. We only want to share custom object records.

To accomplish this using Force.com Managed Sharing would entail manually creating a sharing rule per object per group while also maintaining a public group for each account, which is quite cumbersome.

We would instead prefer to use Apex Managed Sharing to accomplish this. Looking at the docs, I see that the highest level of record access you can assign via Apex Managed Sharing is Read/Write. Is there absolutely no way to assign delete access?

How else might we implement this type of sharing structure?

Best Answer

This doesn't appear to be possible. If other permissions are already in place, a workaround for the delete problem is to create a custom controller with the delete operation and give it the without sharing modifier.
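A sketch of the workaround described in the answer, added here as an example and not part of the original answer. Because `without sharing` bypasses record-level sharing, the controller has to enforce the group boundary itself; `Project__c`, `External_Id__c` and `Account.Group_Prefix__c` are hypothetical names for the custom object, its external ID field and the group-specific prefix from the question.

```apex
// Added example. Project__c, External_Id__c and Account.Group_Prefix__c are
// hypothetical names; substitute the org's own object and fields.
public with sharing class GroupRecordDeleteController {
    public class NotAuthorizedException extends Exception {}

    // Entry point called from the page or component.
    public static void deleteProject(Id projectId) {
        // Apex does not enforce object-level delete permission on its own.
        if (!Schema.sObjectType.Project__c.isDeletable()) {
            throw new NotAuthorizedException('No delete permission on Project__c');
        }
        new SystemContext().deleteIfSameGroup(projectId, UserInfo.getUserId());
    }

    // Runs without sharing, so record access is NOT checked by the platform.
    // The prefix comparison below is the only thing keeping groups apart.
    private without sharing class SystemContext {
        public void deleteIfSameGroup(Id projectId, Id userId) {
            List<User> users = [SELECT Contact.Account.Group_Prefix__c
                                FROM User WHERE Id = :userId LIMIT 1];
            String prefix = users.isEmpty() ? null
                : users[0].Contact?.Account?.Group_Prefix__c;
            if (String.isBlank(prefix)) {
                throw new NotAuthorizedException('User has no group prefix');
            }
            List<Project__c> records = [SELECT Id, External_Id__c
                                        FROM Project__c WHERE Id = :projectId LIMIT 1];
            // Assumes no group's prefix is itself the start of another group's
            // prefix; otherwise compare against a delimited prefix instead.
            if (records.isEmpty() || records[0].External_Id__c == null
                || !records[0].External_Id__c.startsWith(prefix)) {
                // Same error for "missing" and "other group" to avoid leaking existence.
                throw new NotAuthorizedException('Record not found or not in your group');
            }
            delete records;
        }
    }
}
```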
