[SalesForce] revoking apex managed sharing permission

I'm using apex managed sharing to grant permissions very similar to how it is done in this example trigger: http://wiki.developerforce.com/page/Using_Apex_Managed_Sharing_to_Create_Custom_Record_Sharing_Logic

However, I also need the ability to revoke or delete this access and have it revert to private. The reason for this is that, as I understand it, there are only two access options for managed sharing access, 'read' or 'edit', with no third option of 'none' or 'private'.

Reference: http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_bulk_sharing_creating_with_apex.htm

I've tried adding the shares to a list and deleting the list and I'm getting the error:
DELETE_FAILED, cannot delete owner or rule share rows,

I also noticed there is a field on the share object, 'isDeleted'; this field, however, is not writable.

Does anyone have experience revoking or deleting these permissions once they've been created?

Thanks!

Best Answer

You will need to delete a specific type of sharing record, those with a RowCause value of 'Manual'.

Delete all manual sharing records on a custom object contained in the trigger:

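// Collect only the manual share rows for the records in this trigger.
List<MyCustomObject__Share> sharesToDelete = [SELECT Id
                                              FROM MyCustomObject__Share
                                              WHERE ParentId IN :trigger.newMap.keySet()
                                              AND RowCause = 'Manual'];
if (!sharesToDelete.isEmpty()) {
    // allOrNone = false: a row that fails to delete does not roll back the others.
    Database.delete(sharesToDelete, false);
}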

Similarly for a standard object (Account):

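// Standard objects have their own share object and parent field (AccountId here).
List<AccountShare> sharesToDelete = [SELECT Id
                                     FROM AccountShare
                                     WHERE AccountId IN :trigger.newMap.keySet()
                                     AND RowCause = 'Manual'];
if (!sharesToDelete.isEmpty()) {
    // allOrNone = false: a row that fails to delete does not roll back the others.
    Database.delete(sharesToDelete, false);
}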
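
An added example, not part of the original answer: a helper that revokes access for specific users or groups only and reports which share rows could not be deleted, since `Database.delete(..., false)` does not throw on partial failure. The class name `ShareRevoker`, the method `revoke`, and its parameters are hypothetical; `MyCustomObject__Share` is the object from the answer.

```apex
// Added example: ShareRevoker and revoke() are hypothetical names.
public inherited sharing class ShareRevoker {

    // Deletes share rows of one RowCause (the answer above uses 'Manual')
    // that grant the given users or groups access to the given records.
    // Returns the Ids of share rows that could not be deleted.
    public static List<Id> revoke(Set<Id> recordIds, Set<Id> userOrGroupIds, String rowCause) {
        List<Id> failedShareIds = new List<Id>();
        if (recordIds == null || recordIds.isEmpty()
                || userOrGroupIds == null || userOrGroupIds.isEmpty()) {
            return failedShareIds;
        }

        // Filtering on RowCause keeps owner and rule rows out of the list;
        // those are the rows named in the DELETE_FAILED error in the question.
        List<MyCustomObject__Share> shares = [
            SELECT Id, ParentId, UserOrGroupId
            FROM MyCustomObject__Share
            WHERE ParentId IN :recordIds
            AND UserOrGroupId IN :userOrGroupIds
            AND RowCause = :rowCause
        ];
        if (shares.isEmpty()) {
            return failedShareIds;
        }

        // allOrNone = false means failures are reported per row, not thrown,
        // so every result has to be inspected. Results match the input order.
        List<Database.DeleteResult> results = Database.delete(shares, false);
        for (Integer i = 0; i < results.size(); i++) {
            if (results[i].isSuccess()) {
                continue;
            }
            failedShareIds.add(shares[i].Id);
            for (Database.Error err : results[i].getErrors()) {
                System.debug(LoggingLevel.ERROR,
                    'Share ' + shares[i].Id + ' on record ' + shares[i].ParentId
                    + ' not revoked: ' + err.getStatusCode() + ' ' + err.getMessage());
            }
        }
        return failedShareIds;
    }
}
```

A non-empty return value means some grantees still have access and the caller should retry or alert rather than assume the revocation completed.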