Developing with Child Object Security

When you develop with objects that use child object security, the same access control applies to access through developer tools such as the Vault Java SDK and Vault API. For example:

  • When child object security is enabled, Vault deletes Custom Sharing Rules and Matching Sharing Rules. Developers should evaluate existing custom solutions before enabling this setting.
  • Users with implied access to children and grandchildren via child object security gain read access to these objects with developer tools such as Vault API and Vault Java SDK.
  • Vault Admins (and integration users) cannot manually assign or remove users or groups from roles on records secured with child object security, including through developer tools such as Vault Java SDK and Vault API.

How to Enable Child Object Security

When child object security is enabled, Vault deletes Custom Sharing Rules and Matching Sharing Rules. Developers should evaluate existing custom solutions before enabling this setting.

To enable child object security, developers can use Vault API’s Execute MDL Script endpoint to set the replicate_sharing_from_parent Boolean attribute to true. You can also execute MDL commands with Vault Toolbox.

For example, the following MDL enables child object security on the child_object__c object:

ALTER Object child_object__c (
    MODIFY Field parent_object_reference_field__c(
        replicate_sharing_from_parent(true)
    )
);

How to Determine if a Record is Secured with Child Object Security

In addition to retrieving the replicate_sharing_from_parent Boolean attribute on the Object MDL component, you can also check this attribute with Vault Java SDK.

Because child object security is configured on the parent object, you can use the Vault Java SDK ObjectParentReferenceFieldMetadata interface to determine if a child record is secured with child object security. This interface provides the #isReplicateSharingFromParent() method, which returns true if the parent has child object security enabled, otherwise false. View this method in the Javadocs.

For example:

// Initialize service
ObjectMetadataService objectMetadataService = ServiceLocator.locate(ObjectMetadataService.class);

// Build the request object for retrieving campaign__c object metadata
ObjectMetadataRequest objectMetadataRequest = objectMetadataService.newObjectRequestBuilder()
    .withObjectName("campaign__c")
    .build();

// Retrieve campaign__c object metadata
ObjectMetadata campaignMetadata = objectMetadataService.getObject(objectMetadataRequest);

// Retrieve enablement status of child object security
boolean isChildSecurityEnabled = campaignMetadata.isReplicateSharingFromParent();
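
For the MDL route mentioned above, the following added example (not part of the Vault documentation or the Vault SDK) reads the text of an Object component's MDL and reports, per field, whether replicate_sharing_from_parent is set to true, so a reviewer can see which parent reference fields replicate sharing before or after a change. The sample MDL is constructed; its attributes other than replicate_sharing_from_parent, and the backslash-escape handling inside quoted values, are assumptions.

```python
import re

# Constructed sample of Object component MDL. Every attribute other than
# replicate_sharing_from_parent is an assumption made for illustration.
SAMPLE_MDL = """
RECREATE Object child_object__c (
   label('Child Object'),
   Field name__v(
      label('Name (see replicate_sharing_from_parent(true))'),
      type('String')
   ),
   Field parent_object_reference_field__c(
      type('ParentReference'),
      replicate_sharing_from_parent(true)
   ),
   Field other_parent__c(
      type('ParentReference'),
      replicate_sharing_from_parent(false)
   )
);
"""

FIELD_START = re.compile(r"\bField\s+(\w+)\s*\(")
ATTR = re.compile(r"\breplicate_sharing_from_parent\s*\(\s*(true|false)\s*\)")
QUOTED = re.compile(r"'(?:\\.|[^'\\])*'")  # assumes backslash escapes in values

def field_body(mdl, start):
    """Return the text from `start` up to the ')' that closes the field."""
    depth, pos = 1, start
    while pos < len(mdl):
        quoted = QUOTED.match(mdl, pos)
        if quoted:                      # parentheses inside quotes do not count
            pos = quoted.end()
            continue
        if mdl[pos] == "(":
            depth += 1
        elif mdl[pos] == ")":
            depth -= 1
            if depth == 0:
                return mdl[start:pos]
        pos += 1
    raise ValueError("unbalanced parentheses in MDL")

def child_security_fields(mdl):
    """Map each field name to True when it replicates sharing from its parent."""
    result = {}
    for match in FIELD_START.finditer(mdl):
        body = QUOTED.sub("''", field_body(mdl, match.end()))  # drop label text
        hit = ATTR.search(body)
        result[match.group(1)] = bool(hit and hit.group(1) == "true")
    return result
```
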