dynamic-sharing-recalculation
Force or orchestrate sharing recalculation after bulk data loads, rule changes, or user/role reorgs so row access catches up with policy. NOT for designing new sharing rules — use sharing-selection tree.
Best use case
dynamic-sharing-recalculation is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Force or orchestrate sharing recalculation after bulk data loads, rule changes, or user/role reorgs so row access catches up with policy. NOT for designing new sharing rules — use sharing-selection tree.
Teams using dynamic-sharing-recalculation should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/dynamic-sharing-recalculation/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How dynamic-sharing-recalculation Compares
| Feature / Agent | dynamic-sharing-recalculation | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Force or orchestrate sharing recalculation after bulk data loads, rule changes, or user/role reorgs so row access catches up with policy. NOT for designing new sharing rules — use sharing-selection tree.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Dynamic Sharing Recalculation Sharing recalculation is a platform-managed process that rebuilds __Share rows after rule or hierarchy changes. For orgs above 1M records it can take hours; bulk loads can temporarily leave users without access. This skill prescribes a deferred-sharing pattern (Defer Sharing Calculations permission) and a verification checklist. ## Recommended Workflow 1. Request the 'Defer Sharing Calculations' permission from Salesforce Support 2–3 weeks in advance. 2. Before the load, enable 'Defer Sharing Rule Calculations' on the affected object. 3. Run the data load; verify counts; spot-check owner and criteria fields. 4. Re-enable sharing calculations — monitor Setup → Sharing Recalculation until queue is empty. 5. Run a verification script (SOQL as a representative user) to confirm expected record visibility. ## Key Considerations - Defer Sharing is global per object; plan change freezes around it. - Role hierarchy changes trigger background recalc on ALL objects that share via hierarchy. - Group maintenance jobs run asynchronously — public group changes can take minutes to propagate even without explicit recalc. - Big Object sharing recalc is not supported. ## Worked Examples (see `references/examples.md`) - *Migrating 10M Opportunity records into a Private org* — ETL inserts nightly for a week. - *Role reorg 1200 users* — New regional structure. ## Common Gotchas (see `references/gotchas.md`) - **Defer never requested** — Support takes weeks to enable; deadline missed. - **Re-enable forgotten** — Sharing stays deferred, new records have no access. - **Apex Managed Sharing inserts still happen** — Defer flag does not block your __Share DML; inconsistency. ## Top LLM Anti-Patterns (full list in `references/llm-anti-patterns.md`) - Enabling Defer Sharing without a runbook to re-enable - Loading 10M records on a Monday without defer permissions - Asking users to verify access 'eventually' — provide a specific verification script ## Official Sources Used - Apex Developer Guide — Sharing — https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_bulk_sharing_understanding.htm - Salesforce Security Guide — https://help.salesforce.com/s/articleView?id=sf.security.htm - Shield Platform Encryption — https://help.salesforce.com/s/articleView?id=sf.security_pe_overview.htm - Session Security Levels — https://help.salesforce.com/s/articleView?id=sf.security_hap_session.htm - CSP and Trusted URLs — https://help.salesforce.com/s/articleView?id=sf.security_csp_overview.htm - API Only User Profile — https://help.salesforce.com/s/articleView?id=sf.users_profiles_api_only.htm - Privacy Center and DSR — https://help.salesforce.com/s/articleView?id=sf.privacy_center_overview.htm
Related Skills
apex-managed-sharing-patterns
Grant row-level access programmatically via __Share records when declarative sharing rules cannot express the policy. NOT for OWD, role hierarchy, or criteria-based sharing rule design.
lwc-dynamic-components
Dynamic LWC component creation using the `lwc:component` directive, lazy-loaded dynamic imports (`import()`), and runtime component resolution for conditional rendering at scale. Triggers: 'render different components based on record type', 'dynamically load lwc at runtime', 'lwc:component lwc:is constructor', 'lazy load component only when needed', 'dynamic import lwc'. NOT for static component composition or `lwc:if` conditional rendering when the component set is fixed at build time (use lwc-conditional-rendering).
flow-runtime-context-and-sharing
Decide and audit the security boundary a Flow runs at — System Context With Sharing, System Context Without Sharing, or User Context — plus the per-element runInMode override and the implications for sharing rules, FLS, CRUD, and $User/$Profile/$Permission merge fields. NOT for Apex sharing keywords (see apex/with-without-sharing-and-context). NOT for record-access troubleshooting at the user level (see security/record-access-troubleshooting).
flow-dynamic-choices
Build picklists and choice sets in Flow Builder sourced from records, picklist fields, or collections, including dependent choices. NOT for static hard-coded choice sets.
sharing-recalculation-performance
Plan, batch, and monitor Salesforce sharing recalculation jobs — including OWD changes, sharing rule add/remove, role hierarchy restructuring, and Apex managed share rebuild — to avoid multi-hour background jobs and data-access blackouts. NOT for diagnosing data-skew root causes (use admin/data-skew-and-sharing-performance), NOT for designing the sharing model itself (use admin/sharing-and-visibility), and NOT for Apex managed sharing row-cause creation (use apex/apex-managed-sharing).
external-user-data-sharing
Configure record visibility for external users (Customer Community, Customer Community Plus, Partner Community) using External OWDs, Sharing Sets, and external sharing rules. Trigger keywords: sharing data with external users, portal user record visibility, Experience Cloud sharing model, sharing set configuration, external OWD setup, Customer Community data access, High-Volume Portal sharing. NOT for internal sharing model configuration. NOT for internal user roles and hierarchies. NOT for guest user profile hardening.
fsc-compliant-sharing-api
Programmatic record access management in Financial Services Cloud using Compliant Data Sharing (CDS): inserting AccountParticipant/OpportunityParticipant records, working with ParticipantRole and ParticipantGroup objects, verifying sharing coverage, and understanding CDS recalculation behavior. NOT for admin setup of CDS via IndustriesSettings metadata, declarative sharing rules, or standard Apex managed sharing on non-FSC objects.
dynamic-apex
Use when building or reviewing code that constructs SOQL/SOSL at runtime, inspects schema metadata via Schema.describe methods, accesses fields dynamically on sObjects, or performs runtime type inspection. Triggers: 'Database.query', 'Schema.getGlobalDescribe', 'Schema.describeSObjects', 'dynamic field access', 'SObjectType', 'DescribeFieldResult'. NOT for static SOQL queries or query performance tuning — use soql-fundamentals or soql-query-optimization.
apex-with-without-sharing-decision
Choosing the correct sharing keyword on an Apex class: with sharing vs without sharing vs inherited sharing, how the choice flows through called methods, and when WITH USER_MODE overrides class-level behavior. NOT for org-level sharing design (use standards/decision-trees/sharing-selection.md). NOT for FLS / CRUD enforcement (use apex-fls-crud-enforcement). NOT for Apex Managed Sharing (use apex-managed-sharing).
apex-managed-sharing
Sharing records programmatically via Apex: Share objects, row cause, sharing recalculation, with/without sharing patterns. NOT for declarative sharing rules (use sharing-and-visibility).
apex-dynamic-soql-binding-safety
Safe construction of dynamic SOQL — Database.query bind variables (:varName, API 60+ semantics), Database.queryWithBinds(query, Map<String,Object>, AccessLevel) (API 55+), field-name allowlisting, ORDER BY direction whitelist, LIMIT/OFFSET typing, and the interaction with WITH USER_MODE / WITH SECURITY_ENFORCED. NOT for static SOQL — see apex-soql-fundamentals. NOT for FLS enforcement on results — see soql-security or apex-stripinaccessible-and-fls-enforcement.
sharing-and-visibility
Use when designing, auditing, or troubleshooting Salesforce record access. Triggers: 'OWD', 'role hierarchy', 'sharing rule', 'manual sharing', 'why can't user see record', 'why can user see too much'. NOT for object or field permissions - use permission and FLS skills for that.