PDI Question #116: Real Exam Question with Answer & Explanation

Question

Universal Containers implemented a private sharing model for the Account object. A custom Account search tool was developed with Apex to help sales representatives find accounts that match multiple criteria they specify. Since its release, users of the tool report they can see Accounts they do not own. What should the developer use to enforce sharing permission for the currently logged-in user while using the custom search tool?

Options

• AUse the schema describe calls to determine if the logged-in users has access to the Account
• BUse the without sharing keyword on the class declaration.
• CUse the UserInfo Apex class to filter all SOQL queries to returned records owned by the logged-in
• DUse the with sharing keyword on the class declaration.

Explanation

In Salesforce, an Apex class runs in system mode by default, meaning it ignores the org's sharing rules and can access all records regardless of ownership. To enforce the current user's sharing permissions-consistent with a private sharing model-the class must be declared with the 'with sharing' keyword. This instructs Salesforce to apply the logged-in user's record-level access rules to all SOQL queries executed within that class, preventing users from seeing Accounts they do not have access to. Using 'without sharing' (choice B) explicitly bypasses sharing rules, making the problem worse. Schema describe calls (choice A) check field/object permissions, not record-level sharing. Filtering by owner via UserInfo (choice C) only handles direct ownership and misses records shared via sharing rules, roles, or manual shares.

No community discussion yet for this question.