UTIL_Sharing
Class · Group: Utilities
global inherited sharing class UTIL_Sharing

Utility class for managing SObject record sharing. Provides methods for both permanent and time-bound (temporary) sharing.

Known access-mode consistency issue (tracked as a known issue). Share-record DML is currently hard-coded to .withSystemMode().bypassSharing(). The time-bound revocation queueable legitimately needs SYSTEM_MODE as a cleanup fallback (it runs hours after grant, so the original user's session may no longer be valid).

The grant / grantTemporary insert path is harder to justify: UTIL_Sharing is global and the target is a caller-specified parent object's share table, not a framework-owned bookkeeping object, so silently elevating to SYSTEM_MODE + bypassSharing() lets a low-privilege subscriber caller grant access to records they have no native right to share. This is the same privilege-escalation shape that was corrected for UTIL_PurgeRecords and UTIL_BulkUpdates; those utilities now inherit the flag-driven default so the running user's FLS/CRUD applies. UTIL_Sharing should move to the same posture for the grant path; the change is deferred because it would alter subscriber-visible behaviour of a global API and needs release-note coordination.

Supports any SObject type that has a corresponding Share object (custom objects with __Share and standard objects like AccountShare, CaseShare, etc.).
Since: 1.0
Example:
List<Account> accounts = QRY_Builder.selectFrom(Account.SObjectType)
    .fields(new List<String>{'Id'})
    .withLimit(10)
    .toList();
Id groupId = new SEL_Group().findByName('AllUsers').Id;
// Permanent sharing - grant read access indefinitely
List<SObject> shares = UTIL_Sharing.grant(accounts, groupId, 'Read');
// Temporary sharing - grant read access for 30 minutes
List<SObject> tempShares = UTIL_Sharing.grantTemporary(accounts, groupId, 'Read', 30);
See Also: UTIL_AsynchronousJobLauncher
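An added example, not part of this framework's code: a caller-side guard for the grant-path issue described in the class overview, which refuses to call UTIL_Sharing.grant unless the running user could share every record natively. SharingGuardExample and SharingNotPermittedException are hypothetical names, and the example assumes that HasAllAccess on the standard UserRecordAccess object is the right proxy for the running user's native right to share a record.

```apex
// Added example: hypothetical caller-side guard, not part of UTIL_Sharing.
public with sharing class SharingGuardExample {

    public class SharingNotPermittedException extends Exception {}

    // UserRecordAccess accepts at most 200 RecordIds per query, so the
    // check is chunked. Very large inputs will consume SOQL query limits.
    private static final Integer CHUNK_SIZE = 200;

    public static List<SObject> grantIfPermitted(
        List<SObject> records, Id userOrGroupId, String accessLevel
    ) {
        List<Id> ids = new List<Id>();
        for (SObject rec : records) {
            ids.add(rec.Id);
        }

        // Collect the records on which the running user has full access.
        // Assumption: HasAllAccess stands in for "may share this record".
        Set<Id> shareable = new Set<Id>();
        List<Id> chunk = new List<Id>();
        for (Integer i = 0; i < ids.size(); i++) {
            chunk.add(ids[i]);
            if (chunk.size() == CHUNK_SIZE || i == ids.size() - 1) {
                for (UserRecordAccess access : [
                    SELECT RecordId, HasAllAccess
                    FROM UserRecordAccess
                    WHERE UserId = :UserInfo.getUserId()
                    AND RecordId IN :chunk
                ]) {
                    if (access.HasAllAccess) {
                        shareable.add((Id) access.RecordId);
                    }
                }
                chunk.clear();
            }
        }

        // Fail closed: one unshareable record rejects the whole request,
        // so the system-mode insert never runs on a partially checked list.
        for (Id recordId : ids) {
            if (!shareable.contains(recordId)) {
                throw new SharingNotPermittedException(
                    'Running user may not share record ' + recordId);
            }
        }
        return UTIL_Sharing.grant(records, userOrGroupId, accessLevel);
    }
}
```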
Methods
| Method | Description |
|---|---|
| global static List<SObject> grant(List<SObject> records, Id userOrGroupId, String accessLevel) | Grants permanent access to the specified records for a user or group. |
| global static List<SObject> grantTemporary(List<SObject> records, Id userOrGroupId, String accessLevel, Integer validityMinutes) | Grants temporary access to the specified records for a user or group. |
Method Details
grant
global static List<SObject> grant(List<SObject> records, Id userOrGroupId, String accessLevel)
Grants permanent access to the specified records for a user or group. Creates share records that remain until explicitly deleted.
Parameters:
- records (List<SObject>) - The SObject records to share (must have an Id).
- userOrGroupId (Id) - The ID of the User or Group to grant access to.
- accessLevel (String) - The level of access to grant ('Read', 'Edit', or 'All').
Returns: List<SObject> - The created share records.
Throws:
- IllegalArgumentException - if any parameter is invalid.
Since: 1.0
Example:
List<Account> accounts = QRY_Builder.selectFrom(Account.SObjectType)
    .fields(new List<String>{'Id'})
    .withLimit(10)
    .toList();
Id groupId = new SEL_Group().findByName('AllUsers').Id;
List<SObject> shares = UTIL_Sharing.grant(accounts, groupId, 'Edit');
grantTemporary
global static List<SObject> grantTemporary(List<SObject> records, Id userOrGroupId, String accessLevel, Integer validityMinutes)
Grants temporary access to the specified records for a user or group. Creates share records and schedules their automatic revocation after the validity period.
Parameters:
- records (List<SObject>) - The SObject records to share (must have an Id).
- userOrGroupId (Id) - The ID of the User or Group to grant access to.
- accessLevel (String) - The level of access to grant ('Read', 'Edit', or 'All').
- validityMinutes (Integer) - The duration in minutes before access is revoked.
Returns: List<SObject> - The created share records.
Throws:
- IllegalArgumentException - if any parameter is invalid.
Since: 1.0
Example:
List<Account> accounts = QRY_Builder.selectFrom(Account.SObjectType)
    .fields(new List<String>{'Id'})
    .withLimit(10)
    .toList();
Id groupId = new SEL_Group().findByName('AllUsers').Id;
List<SObject> shares = UTIL_Sharing.grantTemporary(accounts, groupId, 'Edit', 60);