Organization-wide defaults (OWD)

The platform's Managed Sharing is based on record ownership.

The record owner (specified by OwnerId) is automatically granted Full Access to the record:

  • view,
  • edit,
  • transfer,
  • share,
  • delete

The sharing tools described here apply to records that the user does not own.

OWDs are the least granular level of sharing: they specify the user's default access level to an object.

UI:

To view: https://na34.salesforce.com/p/own/OrgSharingDetail

To edit: https://na34.salesforce.com/p/share/OrgDefaultSharing?id=ORG_ID

Example: ORG_ID=00D61000000dcQB

Let us look at the OWD for a custom object: Job__c

Available default values for OWD:

  • Private (most restrictive)
  • Public Read Only
  • Public Read/Write (least restrictive)

All record-level sharing settings:

 1. Role hierarchy
 2. Territory hierarchy
 3. Sharing rules
 4. Teams
 5. Manual sharing
 6. Programmatic sharing (Apex Managed Sharing)

are exceptions to OWD sharing settings.

Access Triangle - Opening up visibility:

Record-level sharing settings:

  • can only be used to grant more permissive access to records
  • cannot be used to restrict access to records
  • can only be implemented for objects whose object-level sharing defaults are restricted (Private and Public Read Only, not Public Read/Write, where users already have read/write default access)
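
Programmatic sharing from the list above, as an added example (not code from the original page): an Apex class that grants access to a Job__c record through its share object Job__Share and lists the grants that exist on the record. It assumes the OWD for Job__c is Private or Public Read Only; the class and method names are illustrative.

```apex
// Added example. JobShareExample, grantAccess and listGrants are illustrative names.
public with sharing class JobShareExample {

    // Grants 'Read' or 'Edit' on one Job__c record to a user or public group.
    // Returns true when the grantee ends up with at least the requested access.
    public static Boolean grantAccess(Id jobId, Id userOrGroupId, String accessLevel) {
        Job__Share shr = new Job__Share();
        shr.ParentId = jobId;               // the Job__c record being shared
        shr.UserOrGroupId = userOrGroupId;  // who receives the access
        shr.AccessLevel = accessLevel;      // 'Read' or 'Edit'
        shr.RowCause = Schema.Job__Share.RowCause.Manual;

        // allOrNone = false: inspect the result instead of throwing on failure.
        Database.SaveResult sr = Database.insert(shr, false);
        if (sr.isSuccess()) {
            return true;
        }

        // A share row can only open up access. If the requested level is not
        // more permissive than the OWD (for example 'Read' when the OWD is
        // Public Read Only), the platform rejects the row as unnecessary.
        // The grantee already has that access, so this case is not a failure.
        Database.Error err = sr.getErrors()[0];
        return err.getStatusCode() == StatusCode.FIELD_FILTER_VALIDATION_EXCEPTION
            && err.getMessage().contains('AccessLevel');
    }

    // Access review helper: every share row on the record, including the
    // owner's row (RowCause 'Owner', AccessLevel 'All').
    public static List<Job__Share> listGrants(Id jobId) {
        return [SELECT UserOrGroupId, AccessLevel, RowCause
                FROM Job__Share
                WHERE ParentId = :jobId];
    }
}
```

The RowCause column returned by listGrants shows which sharing mechanism produced each grant, which is the starting point for reviewing who can see a record beyond the OWD baseline.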