The profile sets the baseline access your users have to records of different objects.
Suppose the profile of the Sales Team has been set as follows for the records they own:
Baseline access:
- Accounts CR
- Contacts CRED
- Opportunities CRE
- Cases CRED
But what about the records they don't own? Suppose you want them to edit, delete, etc. each other's records. This is where OWD comes into the picture. OWD determines what access and permissions users have to records they don't own. (Here OWD is Organization-Wide Defaults, and CRED is the Create, Read, Edit and Delete object permission under the profile.)
The options available are:
1. Public Read/Write/Transfer:
Suppose you have set Leads to Public Read/Write/Transfer. Users can then view, edit, and change or transfer ownership of leads they don't own. (Transferring ownership this way applies to Leads and Cases. For other standard objects, the owner or someone above them in the role hierarchy can transfer ownership.)
2. Public Read/Write:
Suppose you have set Accounts, Contracts and Assets to Public Read/Write. Here users can view and edit Accounts, Contracts and Assets they don't own, but they can't transfer ownership.
3. Public Read Only:
Suppose you have set Contacts to Public Read Only. Users can view the records of an object, but they can't edit them or transfer ownership. Here users can see Contacts they don't own but can't edit or transfer them.
4. Private:
Suppose you have set Opportunities to Private. This is the most restrictive setting. Users can't even view Opportunities they don't own.
Steps:
Setup | Security | Sharing Settings - Here you set the default access level for each object for the entire org. If it's a new org, access to all objects may be fully open. You have to visit each of these objects and set it as described above.
Here Grant Access with Hierarchy works with the role hierarchy.
Example:
Settings done:
- Setup | Security | Sharing Settings
- Let's change the setting for Leads to Public Read/Write: all users should be able to view and edit leads, but you want owners to be able to transfer ownership, so you set it to Public Read/Write.
- Let's change the setting for Accounts, Contracts and Assets to Public Read Only: all users should be able to view Accounts, Contracts and Assets, but you don't want users editing each other's records.
- Let's change the setting for Contacts to Public Read/Write: you want all users to update Contacts.
- Let's change the setting for Opportunity to Private: you want to make opportunities confidential, that is, opportunities are now visible only to owners and to users above them in the role hierarchy. Users can't see each other's opportunities unless they are shared via sharing rules etc.
- Let's change the setting for Case to Private, as done for Opportunities.
- Save
Note:
- Changing sharing settings may take some time.
- Profile permissions determine the baseline level of access the user has to all records. OWD can further restrict these permissions on records the user doesn't own.
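One way to check that an org's actual OWD still matches the settings chosen above, as an added example that is not part of the original post: it reads the `sharingModel` element from object metadata XML and flags any object that is more open than intended. The XML is constructed sample data, and the `INTENDED` baseline and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}

# Internal OWD values as spelled in object metadata, least to most open.
RANK = {"Private": 0, "Read": 1, "ReadWrite": 2, "ReadWriteTransfer": 3}

# Intended baseline (assumption): the settings chosen in the example above.
INTENDED = {"Lead": "ReadWrite", "Account": "Read", "Contact": "ReadWrite",
            "Opportunity": "Private", "Case": "Private"}


def sample_meta(model):
    """Build constructed sample metadata for one object (not real org data)."""
    return ('<CustomObject xmlns="http://soap.sforce.com/2006/04/metadata">'
            f"<sharingModel>{model}</sharingModel></CustomObject>")


# Constructed sample: Lead and Opportunity have drifted, Case was not retrieved.
SAMPLE = {"Lead": sample_meta("ReadWriteTransfer"), "Account": sample_meta("Read"),
          "Contact": sample_meta("ControlledByParent"),
          "Opportunity": sample_meta("Read")}


def read_owd(xml_text):
    """Return the sharingModel value from one object's metadata, or None."""
    node = ET.fromstring(xml_text).find("md:sharingModel", NS)
    return node.text.strip() if node is not None and node.text else None


def audit(objects, intended=INTENDED):
    """Compare each object's OWD with the baseline; return a verdict per object."""
    verdicts = {}
    for name, want in intended.items():
        actual = read_owd(objects[name]) if name in objects else None
        if actual is None:
            verdicts[name] = "missing"      # no setting found: cannot confirm
        elif actual not in RANK:
            verdicts[name] = "review"       # e.g. ControlledByParent
        elif RANK[actual] > RANK[want]:
            verdicts[name] = "too-open"     # non-owners get more than intended
        elif RANK[actual] < RANK[want]:
            verdicts[name] = "stricter"
        else:
            verdicts[name] = "ok"
    return verdicts


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name:12} {verdict}")
```

A "too-open" verdict on an object meant to be Private, such as Opportunity here, is the case to treat as a finding, since it exposes records to every non-owner.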
Let's test different scenarios:
If:
1. Contact object permission is CRED and OWD is Private: the user can create new records and can view only the contacts she owns, and on those records she has edit and delete permissions.
2. If you reduce the permission, that is, Contact object permission is CR and OWD is Private, then the user can create new records and view the contacts she owns, and on those records she doesn't have edit or delete permission.
3. Contact object permission is CRED and OWD is Public Read Only: the user can create new contacts and view all contact records, even the ones she doesn't own. But using the Edit and Delete buttons on contacts she doesn't own gives an "insufficient privileges" error message, because OWD is set to Public Read Only. She can still create and delete Contacts she owns. If you set OWD to Public Read Only and the custom object permission is totally removed, then the user can't view any contact records anywhere in the system.
4. Contact object permission is CRED and OWD is Public Read/Write: the user can create new contacts and view both her contacts and the contacts she doesn't own. Additionally, she has edit and delete permission on all contacts.
5. Contact object permission is CR and OWD is Public Read/Write: the user can create new Contacts, but the Edit and Delete buttons are not available on any Contacts, since OWD can never give users more access than they have via their object permission.
Visual: https://www.youtube.com/watch?v=JJh4MTMvEXQ
Reference:
https://help.salesforce.com/s/articleView?id=sf.admin_sharing.htm&type=5