Understanding Manual Sharing
Manual Sharing in Salesforce is a record-level sharing mechanism that lets users explicitly share a single record with another user, a group, or a role. It provides fine-grained control beyond org-wide defaults (OWD), role hierarchy, and sharing rules, allowing ad-hoc access to particular records when automated sharing doesn’t meet business needs.
When to use Manual Sharing
Use Manual Sharing when you need to grant access to a specific record for a limited time or to a limited audience, for example:
- One-off collaborations where a user outside the normal sharing model needs access to a record.
- Temporary access for contractors or consultants without changing role or profile settings.
- Exceptions to automated sharing rules where business policy requires manual approval.
How Manual Sharing works
Manual Sharing creates a separate share entry for the record in a dedicated share table for each object. For standard and custom objects the share tables are named <ObjectName>Share (for example, AccountShare or CustomObject__Share), and each row contains:
ParentId— the record being sharedUserOrGroupId— the recipient (user, group, or role)AccessLevel— level of access (Read, Edit)RowCause— reason for sharing (“Manual” for user-created shares; other values for rule-based shares)
When a manual share is added, Salesforce evaluates sharing for that record and grants access accordingly. Manual shares are independent of profile permissions and only grant access if the user already has object-level access.
Creating Manual Shares
There are three common ways to create manual shares:
- User Interface — On a record page (if ‘Sharing’ button is enabled), owners or users with full access can click “Share” and add users, roles, or groups with Read or Edit access.
- Apex — Programmatic creation by inserting a row into the object’s share table. Example for a custom object:
// Apex example: programmatically share a CustomObject__c record
CustomObject__Share shareRow = new CustomObject__Share();
shareRow.ParentId = 'a0Bxxxxxxxxxxxx'; // record Id
shareRow.UserOrGroupId = '005xxxxxxxxxxxx'; // user or group Id
shareRow.AccessLevel = 'Read';
shareRow.RowCause = Schema.CustomObject__Share.RowCause.Manual; // Manual share
insert shareRow;
Note: For standard objects, use the standard <Object>Share sObject (e.g., AccountShare), and for some objects the share object may be read-only (for example, certain standard objects like Case or Opportunity may have constraints based on org configuration).
Limitations and Considerations
- Manual shares are record-specific and do not cascade to related records automatically.
- Only users with the appropriate privileges (record owner, users with Full Access via sharing, or users with the “Modify All” object permission) can create manual shares through the UI; Apex code may require the running user to have appropriate permissions or use “without sharing” cautiously.
- Manual sharing bypasses role hierarchy only for the explicit recipient; it does not change a user’s profile or role.
- Excessive manual shares can become difficult to maintain — consider using sharing rules or territory management for scalable solutions.
Best Practices
- Prefer declarative sharing (sharing rules, criteria-based sharing, or sharing sets) for recurring scenarios.
- Limit manual sharing to exceptions and temporary cases.
- Document manual shares and periodically review or audit them (use reports on the <Object>Share tables).
- Use Apex sharing reasons and meaningful RowCause values for custom objects where available to distinguish automated shares from manual ones.
Quick Reference
Key terms: Manual Sharing, <Object>Share, RowCause = Manual, UserOrGroupId, AccessLevel.