**Source URL:** https://limited.veevavault.dev/medical/security/child-object/developing-with-child-object-security.md

# Developing with Child Object Security

When developing with objects utilizing child object security, access control extends to access with developer tools such as the Vault Java SDK and Vault API. For example:

* When child object security is enabled, Vault deletes Custom Sharing Rules and Matching Sharing rules. Developers should evaluate existing custom solutions before enabling this setting.

* Users with implied access to children and grandchildren via child object security gain read access to these objects with developer tools such as Vault API and Vault Java SDK.

* Vault Admins (and integration users) cannot manually assign or remove users or groups from roles on records secured with child object security, including through developer tools such as Vault Java SDK and Vault API.

## How to Enable Child Object Security {#how-to-enable-child-object-security}

When child object security is enabled, Vault deletes Custom Sharing Rules and Matching Sharing rules. Developers should evaluate existing custom solutions before enabling this setting.

To enable child object security, developers can use Vault API’s [Execute MDL Script](/vault-api/api-reference/26.2/metadata-definition-language-mdl/execute-mdl-script) endpoint to set the `replicate_sharing_from_parent` Boolean attribute to `true`. You can also execute MDL commands with [Vault Toolbox](/mdl/documentation/guides/vault-toolbox).

For example, the following MDL enables child object security on the `child_object__c` object:

`ALTER Object child_object__c (
     MODIFY Field parent_object_reference_field__c(
        replicate_sharing_from_parent(true)
     )
);
`

## How to Determine if a Record is Secured with Child Object Security {#how-to-determine-if-a-record-is-secured-with-child-object-security}

In addition to retrieving the `replicate_sharing_from_parent` Boolean attribute on the `Object` MDL component, you can also check this attribute with Vault Java SDK.

### Vault Java SDK {#vault-java-sdk}

Because child object security is configured on the parent object, you can use the Vault Java SDK `ObjectParentReferenceFieldMetadata` interface to determine if a child record is secured with child object security. This interface provides the `#isReplicateSharingFromParent()` method, which returns `true` if the parent has child object security enabled, otherwise `false`. View this method in the [Javadocs](https://repo.veevavault.com/javadoc/vault-sdk-api/docs/api/com/veeva/vault/sdk/api/data/ObjectParentReferenceFieldMetadata.html).

For example:

```
// Initialize service
ObjectMetadataService objectMetadataService = ServiceLocator.locate(ObjectMetadataService.class);


// Build the request object for retrieving campaign__c object metadata
ObjectMetadataRequest objectMetadataRequest = objectMetadataService.newObjectRequestBuilder()
    .withObjectName("campaign__c")
    .build();


// Retrieve campaign__c object metadata
ObjectMetadata campaignMetadata = objectMetadataService.getObject(objectMetadataRequest);


// Retrieve enablement status of child object security
boolean isChildSecurityEnabled = campaignMetadata.isReplicateSharingFromParent();

```


---

**Previous:** [Child Object Security](/medical/security/child-object)  
**Next:** [Tree Security](/medical/security/tree)