Org-Wide default defines baseline level of access that the most restricted users should have. This is to safeguard your data and use other record level security and sharing tools to share data with other users.
How to access Org-Wide default.
Step 1. Login into your salesforce org.
Step 2. Go to Setup.
Step 3. In Quick Search, Type “Sharing Setting”. Select Sharing Setting.
There are basically 5 different sharing levels that you can choose for each object.
- Public Read Only
- Public Read/Write
- Controlled by Parent
- Public Read/Write/Transfer
If an object default access is set to private the only then, owner of the record and user above the role hierarchy can view, edit and report on those records.
Public Read Only
If an object default access is set to Public Read Only then, all users in the org can view the record, but only the owner of the record and user above the role hierarchy can edit those records.
If an object default access is set to Public Read/Write then, all users can view, edit and report all records of that object.
Controlled by Parent
If an object default access is set to Controlled by Parent then, the object is a child object in a master detail relationship, and a user can view, edit or delete a record if she can perform that same action on the record it belongs to (Parent Record).
This option is available only for Lead and Case object. If permission is set to Public Read/Write then, users other than owner of that record can edit and view the record, only owner of the record can transfer ownership of lead or case. But with Public Read/Write/Transfer any user can view, edit and transfer ownership of any lead or case even if they do not own the record.
Now let us see all other options that are available in this page.
There are 2 different picklist selections for each object.
- Default Internal Access
- Default External Access.
Note: The default external access must be more restrictive or equal to the default internal access.
When an organization has both Internal users (employees or agents) and External users (customers/community portal users), then we can set the different level of access each user can have.
Grant Access Using Hierarchies
To disable automatic access using your hierarchies, deselect Grant Access Using Hierarchies for any custom object that does not have a default access of Controlled by Parent.
Note: Grant Access Using Hierarchies is enables only for custom object, by default all standard object have default access set to true and cannot be changed.
User Visibility Setting and Other Settings.
You can enable visibility to Portal users and community users as per organizations requirement under User Visibility Setting.
With respect to sharing/securing data with manager, subordinates, groups, Community users, guest users and manual sharing of record. You can choose relevant options in Other settings.