Sharing Reasons

Sharing reasons override the organization-wide defaults to allow individual records to be
shared between groups of users.The groups can be roles or public groups.The behavior
of the sharing reason depends on the groups involved and the type of sharing reason.
Sharing between roles results in asymmetric privileges. Users in subordinate roles do
not receive any privileges of their superiors, but superiors receive all the privileges of
their subordinates. Sharing with public groups is symmetric, granting equal rights to both
parties. In other words, a user has access to all records that are accessible to its descendants
in role hierarchy. For example, the SVP of Customer Service & Support
has access to records that are accessible to Customer Support, International and Customer
Support, North America.
The four types of sharing reasons are as follows:
1. Manual: The owner of a record can elect to manually share it with another user or
group of users.The owner specifies the level of access (Read Only or Read/Write)
to be granted.To configure manual sharing, click the Sharing button on a detail
record in the Force.com native user interface. Figure 3-7 shows the user interface
for sharing a record named GenePoint in the Project object.

2. Sharing Rules: Sharing rules allow records to be shared automatically by
Force.com based on group membership or arbitrary criteria. In Figure 3-8, a sharing
rule is being created for the Project object. It specifies that members of the
Central business unit can automatically read and write all Project records owned by
their colleagues in the same business unit. In Figure 3-9, a criteria-based sharing
rule is being defined to provide users in the Executive role with read and write
access to billable projects.
3. Procedural: Records can be shared programmatically using Apex code.This allows
a developer to define the conditions that govern the sharing of a record.
4. Delegated Administration: Profiles contain a special object permission category
called Data Administration. It contains View All and Modify All permissions. If these
are granted, they exempt users in that profile from all sharing rules, giving them
access to all records regardless of owner.This privilege is intended for data import,
export, and cleansing programs that need to run unencumbered by sharing rules.