Sharing/Security in Salesforce

 

By default APEX runs in system mode - without sharing mode

with sharing :

without sharing:

inherited sharing: forced sharing / This allows the class to run in the same mode as the class which called it. Apex classes with Inherited Sharing that are called from other classes with no sharing settings will run in no sharing mode.

1)  method defined class sharing setting is applied ,not of called class

2) both inner or outer class can be defined as sharing/without

• 3) Classes inherit sharing setting from a parent class when one class extends or implements another.
• 4) Apex triggers can’t have an explicit sharing declaration and run as without sharing.

• If a class with without sharing is calling the method of a class with inherited sharing, then it will run in without sharing mode.
• If a class with with sharing is calling the method of a class with inherited sharing, then it will run in with sharing mode.
• If a class with omitted sharing (i.e. no sharing is mentioned) is calling the method of a class with inherited sharing, then it will run in without sharing mode as the default sharing mode of the omitted sharing is to run in without sharing mode (This is because the calling class is established as a without sharing context). A class declared as inherited sharing runs as without sharing only when explicitly called from an already established without sharing context.
• If a class with with sharing is calling a method of a class with omitted sharing which in turn calls a method of a class with inherited sharing, then it will run in with sharing mode, as the calling class is in with sharing mode and omitted class is established as with sharing context.
• If a class with without sharing is calling a method of a class with omitted sharing which in turn calls a method of a class with inherited sharing, then it will run in without sharing mode, as the calling class is in without sharing mode and the omitted class is established as without sharing context.
• If the class is used as the entry point to an Apex transaction, an omitted sharing declaration runs as without sharing.
• If the class is used as the entry point to an Apex transaction, inherited sharing ensures that the default is to run as with sharing.

• The sharing setting of the class where a method is defined is applied, not of the class where the method is called from. For example, if a method is defined in a class declared as with sharing is called by a class declared as without sharing, the method executes with sharing rules enforced.