Withsharing and withoutsharing

Hi Naresh,

System mode -
System mode is nothing but running apex code by ignoring user's permissions. For example, logged in user does not have create permission but he/she is able to create a record.
In system mode, Apex code has access to all objects and fields— object permissions, field-level security, sharing rules aren't applied for the current user. This is to ensure that code won’t fail to run because of hidden fields or objects for a user.
In Salesforce, all apex code run in system mode. It ignores user's permissions. Only exception is anonymous blocks like developer console and standard controllers. Even runAs() method doesn't enforce user permissions or field-level permissions, it only enforces record sharing.

User mode -
User mode is nothing but running apex code by respecting user's permissions and sharing of records. For example, logged in user does not have create permission and so he/she is not able to create a record.
In Salesforce, only standard controllers and anonymous blocks like developer console run in user mode.

Without Sharing keyword -
The 'without sharing' keyword is to ensure that the sharing rules (not permissions) for the current user are not enforced.
Example - Let's consider that the OWD for Account is private, no account records are owned by or shared with an user 'u' and a "without sharing" class called MyClass is fetching account records in a list. Now if class 'MyClass' is run by user 'u' then account records will be fetched. Remember that whether the user 'u' is having full CRUD or having no CRUD, records will be fetched.

With Sharing keyword -
The with sharing keyword allows you to specify that the sharing rules (and not permissions) for the current user be taken into account for a class. You have to explicitly set this keyword for the class because Apex code runs in system mode.
Example - Let's consider that the OWD for Account is private, no account records are owned by or shared with an user 'u' and a "with sharing" class called MyClass is fetching account records in a list. Now if class 'MyClass' is run by user 'u' then no records will be fetched. Remember that whether the user 'u' is having full CRUD or having no CRUD record will not be fetched.

Please look into the below links:

https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_classes_keywords_sharing.htm

http://salesforce.stackexchange.com/questions/16121/sfdc-understanding-with-sharing-without-sharing-unspecified-sharing-classes

http://aluniya.blogspot.com/2014/02/salesforce-system-mode-user-mode-and.html

http://www.infallibletechie.com/2012/12/class-with-sharing-and-without-sharing.html

Thanks

Hi,

When you use 'with sharing'(with Security Settings enforced) keyword the Apex code runs in User Context, i.e all the sharing rules for the current user are taken into account.

When you use 'without sharing' keyword the Apex code runs in system context, Apex code has access to all objects and fields— object permissions, field-level security, and sharing rules aren’t applied for the current user.