Interactive guide to Salesforce execution contexts, Sharing Rules, and FLS.
With Sharing
Enforces Record Sharing
Executes with current user's record access rules. NOTE: Does NOT enforce Field Level Security (FLS) automatically.
Record Safe
Check FLS
Use case: User-facing logic, UI Controllers
Without Sharing
Ignores Sharing Rules
Executes in system mode. Full access to all records. Use with extreme caution.
Privileged
System Mode
Use case: Batch, Integrations, Admin processes
Inherited Sharing
Adaptive Context
Adopts the sharing mode of the caller. Defaults to "With Sharing" if called directly.
Flexible
Best Practice
Use case: Helpers, Utilities, Service Layers
No Declaration
Unpredictable
Behavior depends on entry point (LWC vs VF vs Apex). Hard to maintain and audit.
Avoid
Implicit
Recommendation: Always declare explicitly
LWC / Aura
Explicit Declaration Required
@AuraEnabled classes MUST declare a mode (Spring '21). Failure to declare causes errors.
User UI
@AuraEnabled
Best practice: inherited sharing + SECURITY_ENFORCED
Triggers
System Mode
Triggers always run in system mode. To enforce rules, delegate logic to a handler class.
System
Automation
Solution: Handler class "with sharing"
Async Apex
System Mode (Default)
Batch, Future, and Queueable run in system mode unless the class declares otherwise.
Background
High Privileges
Types: Batch, Queueable, Scheduled
Flow
Configurable Context
Flows default to System Mode. New options allow "System with Sharing" or "User Context".
Invocable
Variable
Note: Apex actions respect class keyword