Created
February 9, 2022 17:59
-
-
Save brianmfear/e8b2e40b84af4862a643beb6bba5bebd to your computer and use it in GitHub Desktop.
Without Sharing overridden by System.runAs?
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @isTest without sharing class wSharingTest { | |
| @isTest static void test() { | |
| Account a = new Account(Name='Name'); | |
| User u = [SELECT FIELDS(STANDARD) FROM User WHERE Id = :UserInfo.getUserId()].deepClone(false, false, false); | |
| u.FederationIdentifier = '12345'; | |
| u.Alias = '12345678'; | |
| u.UserName += '.brian.fear'; | |
| u.CommunityNickname = '12345678'; | |
| u.ProfileId = [SELECT Id FROM Profile WHERE Name LIKE 'Standard%' LIMIT 1].Id; | |
| System.runAs(new User(Id=UserInfo.getUserId())) { | |
| insert a; | |
| } | |
| System.runAs(u) { | |
| // This line fails with: | |
| // System.DmlException: Delete failed. First exception on row 0 with id 0011T00002dJrIvQAK; | |
| // first error: INSUFFICIENT_ACCESS_OR_READONLY, insufficient access rights on object id: [] | |
| delete a; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It means In a System.runAs() method the sharing rules are enforced regardless of the apex class access modifier.
And In the above org, it shows that the account level sharing settings are set to public read/write but as the new user also present on the same hierarchy, it's not allowing to delete the record owned by the current user. This shows sharing rules are enforced forcefully when we use System.runAs().
This is very helpful information.