I have Custom_Object__c with:
- Org-Wide Default Settings as: Private
- Object Permissions in the user Profile: Create, Read, Edit, Delete.
I have a small development in Apex that is creating some apex managed sharing rules, to give certain users access to records they don’t own.
So far I only needed to give the users either “Read” or “Edit” permissions. So all worked ok.
However, now I need to grant users delete permissions for records they don’t own, without touching the profile or the org-wide default settings.
This would mean creating the apex managed sharing rules with accessLevel = ‘All’.
I looked into the documentation, and it seems to say that it’s not possible to do that (http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_bulk_sharing_understanding.htm):
All: This access level can only be granted with Force.com managed sharing.
Does anybody know a workaround to give the user delete permissions for records they don’t own using apex managed sharing?
I am copying the answer from the original question I asked because I
don’t want it to be a link only answer. I’m putting it here so others
are not misled to think giving Delete access on the object and an edit
apex managed share will let the user delete the record.
The credit for the answer goes to ca_peterson and is reposted here:
The statement from the docs is key here:
This access level can only be granted with Force.com managed sharing.
in reference to the “full control” sharing setting.
Force.com managed sharing is the term for sharing that is granted by
the platform itself – so record owner and manager of record owner if
you simplify the statement.
Per the docs linked you need “Full Access” to be allowed to delete.
Pair these two facts together and it turns out that nope – there’s no
way to grant delete access via apex sharing rules. The only options
are to use force.com managed sharing (i.e. change the owner, or be
above the owner in the role hierarchy), or grant modify all on the
The other option would be to make a custom VF page or action that
allows deleting the record via “without sharing” apex if the user has
edit rights, but that doesn’t allow the normal delete DML event, so
has some drawbacks.
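
One way to implement the “without sharing” delete described in the answer above, as an added example that is not part of the original post. Custom_Object__c is the object from the question; the class, method and exception names are hypothetical.

```apex
// Added example; CustomObjectDeleteService and its members are hypothetical names.
public without sharing class CustomObjectDeleteService {

    public class DeleteNotAllowedException extends Exception {}

    // Deletes the given Custom_Object__c records only if the running user has
    // edit access to every one of them. The class runs without sharing, so the
    // platform will not enforce record access here; the checks below must.
    public static void deleteIfEditable(Set<Id> recordIds) {
        // UserRecordAccess accepts at most 200 record Ids per query.
        if (recordIds == null || recordIds.isEmpty() || recordIds.size() > 200) {
            throw new DeleteNotAllowedException('Pass between 1 and 200 record Ids.');
        }
        // Only this object type may be deleted through this entry point.
        for (Id recordId : recordIds) {
            if (recordId.getSobjectType() != Custom_Object__c.SObjectType) {
                throw new DeleteNotAllowedException('Unexpected object type: ' + recordId);
            }
        }
        // Object-level check: the profile must still grant Delete.
        if (!Schema.sObjectType.Custom_Object__c.isDeletable()) {
            throw new DeleteNotAllowedException('No Delete permission on Custom_Object__c.');
        }
        // Record-level check: owner, role hierarchy or an Edit share row.
        Set<Id> editable = new Set<Id>();
        for (UserRecordAccess access : [
            SELECT RecordId, HasEditAccess
            FROM UserRecordAccess
            WHERE UserId = :UserInfo.getUserId() AND RecordId IN :recordIds
        ]) {
            if (access.HasEditAccess) {
                editable.add((Id) access.RecordId);
            }
        }
        if (!editable.containsAll(recordIds)) {
            throw new DeleteNotAllowedException('Edit access is required on every record.');
        }
        // Runs in system mode, so sharing does not block the delete.
        delete [SELECT Id FROM Custom_Object__c WHERE Id IN :recordIds];
    }
}
```

A Visualforce controller or custom action would call `deleteIfEditable` with the Ids from the request; the checks stay inside the service so that no caller can reach the system-mode delete without them.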