Is is possible to grant delete permissions using apex managed sharing?

I have Custom_Object__c with:

  1. Org-Wide Default Settings as: Private
  2. Object Permissions in the user Profile: Create, Read, Edit, Delete.

I have a small development in Apex that is creating some apex managed sharing rules, to give certain users access to records they don’t own.
So far I only needed to give the users either “Read” or “Edit” permissions. So all worked ok.

However, now I need to grant users delete permissions for records they don’t own. Without touching profile nor org-wide default settings.
This would mean creating the apex managed sharing rules with accessLevel = ‘All’.

I looked into the documentation, it seems to say that it’s not possible to do that. (http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_bulk_sharing_understanding.htm)

All: This access level can only be granted with Force.com managed sharing.

Does anybody know a workaround to give the user delete permissions for records they don’t own using apex managed sharing?

Answer

See this answer I had asked another question on this topic because the answer by Ralph Callaway didn’t work for me (but I really wanted it to)

I am copying the answer from the original question I asked because I
don’t want it to be a link only answer. I’m putting it here so others
are not misled to think giving Delete access on the object and an edit
apex managed share wil let the user delete the record.

The credit for the answer goes to ca_peterson and is reposted here:

The statement from the docs
http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_bulk_sharing_understanding.htm

is key here:

This access level can only be granted with Force.com managed sharing.

in reference to the “full control” sharing setting.

Force.com managed sharing is the term for sharing that is granted by
the platform itself – so record owner and manager of record owner if
you simplify the statement.

Per the docs linked
there

you need “Full Access” to be allowed to delete.

Pair these two facts together and it turns out that nope – there’s no
way to grant delete access via apex sharing rules. The only options
are to use force.com managed sharing (i.e. change the owner, or be
above the owner in the role hierarchy), or grant modify all on the
profile/perm set.

The other option would be to make a custom VF page or action that
allows deleting the record via without sharing apex if the user has
edit rights, but that doesn’t allow the normal delete DML event, so
has some drawbacks.

Attribution
Source : Link , Question Author : Pere Martí , Answer Author : HungryPipo

Leave a Comment