
Apex managed sharing



I'm using the following trigger for sharing records with the hiring manager via Apex:


trigger Hiring_Manager_Job_Share on Position__c (after insert) {

    // We only execute the trigger after a Job record has been inserted 
    // because we need the Id of the Job record to already exist.
    // Job_Share is the "Share" table that was created when the
    // Organization Wide Default sharing setting was set to "Private".
    // Allocate storage for a list of Position__Share records.
    List<Position__Share> jobShares  = new List<Position__Share>();

    // For each of the Job records being inserted, do the following:
    for(Position__c job : trigger.new){

        // Create a new Position__Share record to be inserted in to the Job_Share table.
        Position__Share hiringManagerShare = new Position__Share();
        // Populate the Position__Share record with the ID of the record to be shared.
        hiringManagerShare.ParentId = job.Id;
        // Then, set the ID of user or group being granted access. In this case,
        // we’re setting the Id of the Hiring Manager that was specified by 
        // the Recruiter in the Hiring_Manager__c lookup field on the Job record.  
        // (See Image 1 to review the Job object's schema.)
        hiringManagerShare.UserOrGroupId = job.Hiring_Manager__c;
        // Specify that the Hiring Manager should have edit access for 
        // this particular Job record.
        hiringManagerShare.AccessLevel = 'read';
        // Specify that the reason the Hiring Manager can edit the record is 
        // because he’s the Hiring Manager.
        // (Hiring_Manager_Access__c is the Apex Sharing Reason that we defined earlier.)
        hiringManagerShare.RowCause = Schema.Position__Share.RowCause.Hiring_Manager_Access__c;
        // Add the new Share record to the list of new Share records.
        jobShares.add(hiringManagerShare);
    }

    // Insert all of the newly created Share records and capture save result 
    insert jobShares;
    // Error handling code omitted for readability.
}


and the OWD for Position__c is Public Read Only.


Now, when I create a new position record I get this error

Apex trigger Hiring_Manager_Job_Share caused an unexpected exception, contact your administrator: Hiring_Manager_Job_Share: execution of AfterInsert caused by: System.DmlException: Insert failed. First exception on row 0; first error: FIELD_INTEGRITY_EXCEPTION, field integrity exception: AccessLevel (trivial share level Read, for organization with default level Read): [AccessLevel]: Trigger.Hiring_Manager_Job_Share: line 41, column 1


I can understand that this is a trivial case and can be passed, so why is my code not working? What am I missing here?


One more thing: I've already used the following code to bypass the error, but it doesn't work.


      Database.SaveResult sr = Database.insert(jobShr,false);

      // Process the save results. 
      if(sr.isSuccess()){
         // Indicates success 
         return true;
      }
      else {
         // Get first save result error. 
         Database.Error err = sr.getErrors()[0];
         // Check if the error is related to trivial access level. 
         // Access levels equal or more permissive than the object's default  
         // access level are not allowed.  
         // These sharing records are not required and thus an insert exception is acceptable.  
         if(err.getStatusCode() == StatusCode.FIELD_FILTER_VALIDATION_EXCEPTION  &&  
                  err.getMessage().contains('AccessLevel')){
            // Indicates success. 
            return true;
         }
         else{
            // Indicates failure. 
            return false;
         }
      }





As you stated, your OWD for Position__c is Public Read Only.


However, you are also trying to set manual share access to Read only access which is available by default, so the record fails because it would not be useful to the system to grant manual read only access on an object whose OWD is read only.


Depending on what you are trying to do, you would either want to grant Edit access, i.e. change this code:


hiringManagerShare.AccessLevel = 'Edit';


Or you would want to change the OWD for Position__c to Private and continue to grant 'Read' access to the manager.


Hopefully this helps!



Juan Camacho R
I know this answer is from 2012 but it was a lifesaver. Thanks for sharing :)
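
Added example, not part of the original thread: a variant of the question's trigger that keeps the least-privilege 'Read' grant and tolerates the trivial-share rejection per row, so the same code saves cleanly whether the OWD is Public Read Only or is later changed to Private. It assumes the status code and field name shown in the error message quoted in the question; the object, field and sharing-reason names are the ones from the question's trigger.

```apex
// Added example. Position__c, Hiring_Manager__c and the Hiring_Manager_Access__c
// sharing reason are the names used in the question's trigger.
trigger Hiring_Manager_Job_Share on Position__c (after insert) {
    List<Position__Share> jobShares = new List<Position__Share>();
    // Keep the source record for each share so a failure can be reported on it.
    List<Position__c> sources = new List<Position__c>();

    for (Position__c job : Trigger.new) {
        // A share row needs a user or group; skip records with an empty lookup.
        if (job.Hiring_Manager__c == null) {
            continue;
        }
        Position__Share s = new Position__Share();
        s.ParentId = job.Id;
        s.UserOrGroupId = job.Hiring_Manager__c;
        s.AccessLevel = 'Read'; // lowest level that meets the requirement
        s.RowCause = Schema.Position__Share.RowCause.Hiring_Manager_Access__c;
        jobShares.add(s);
        sources.add(job);
    }

    // allOrNone = false: failures come back as SaveResult entries instead of
    // a DmlException that aborts the whole insert (which "insert jobShares" throws).
    List<Database.SaveResult> results = Database.insert(jobShares, false);

    for (Integer i = 0; i < results.size(); i++) {
        if (results[i].isSuccess()) {
            continue;
        }
        Database.Error err = results[i].getErrors()[0];
        // Assumption taken from the error text in the question:
        // FIELD_INTEGRITY_EXCEPTION reported against AccessLevel.
        Boolean trivialShare =
            err.getStatusCode() == StatusCode.FIELD_INTEGRITY_EXCEPTION &&
            err.getMessage().contains('AccessLevel');
        if (!trivialShare) {
            // Any other failure means the intended access was not granted.
            sources[i].addError('Sharing with the hiring manager failed: '
                + err.getMessage());
        }
    }
}
```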