One of the key point to be noted to lead an Organization into the success path is to maintain Data Security. Data is one of the crucial aspect of having a successful enterprise. It contains rich information on the past history and transactions. In this article, we are going to see how to secure data using Organization wide sharing Defaults.
Organization-Wide Sharing Defaults
“Organization Wide Sharing Defaults” in short OWD provides you baseline level of access for each object. It determines what access and permissions users have to records they don’t own. It allows you to restrict access to the records of an object and can be open up by role hierarchy and sharing rules. OWD can be defined for both Standard and Custom Objects.
Following are the access level Actions for different objects
- Public Read/Write/Delete/Transfer
- Public Read/Write
- Public Read Only
- Controlled by parent
Let us look at each of the above aspects in details. They are taken one by one in the section below.
If the access level is set to the public Read/Write/Delete/Transfer, it allows other users to read, write, delete and change ownership. However, the ability to transfer ownership is available only for standard Lead and Case objects and for other objects, owner of the record or users above them in the role hierarchy can change the ownership for the records they don’t own.
If the access level is set to the public Read/Write, all the users are allowed to read and edit records they don’t own. Here they cannot transfer the ownership.
Public Read Only
If the access level is set to the public Read-Only, all the users can view all the records but they cannot have access to edit, delete and transfer the ownership.
If the access level is set to private, users cannot see the records they don’t own. Hence it is the most restricting action in OWD. Only record owners and the users above them in role hierarchy will have access to the records.
Controlled by Parent
If the access level is set to Controlled by parent, records visibility is controlled by the parent object. For example, Contact object is related to Account object. Here Account is parent object and contact is child object. If a user does not have access to Account records, the user cannot access the contact records of that account even if the sharing rules are defined for contact object. If a contact isn’t linked to an Account then it will be treated as private.
Steps to define Organization wide Sharing default (OWD)
Following are the steps where you can set up the organization wide sharing default.
- Go to Setup-> Administrator-> Security Controls-> Sharing Settings.
- You will be redirected to the following screen
Click on Edit, following screen will be shown
- From the Default Internal Access drop-down list you can define the level of access to Internal users.
- Every organization in the Salesforce has Internal Users(Employees and Sales Reps) and External users(Website users, Customer Portal Users, Community Users etc.). Consider a business scenario where Internal Users should have access to the particular object and External Users should not have access to that object. To achieve this Salesforce provides “External Organization wide Default” settings to restrict access to records.
Following are the steps to define External Organization wide Default
- Go to setup-> Administrator-> Security Controls-> Sharing Settings.
You will be redirected to the following screen
Click on Enable External Sharing Model. you will be redirected to following page.
Click on Edit button. The following page will be displayed.
- Choose Default Internal Access and Default External Access and click on save button.
- Changes may take some time depends on the size of data in your organization. You will receive a confirmation mail once OWD changes are completed.
Grant Access Using Hierarchies
When OWD for an object is set to Private, Only record owners and the users above them in role hierarchy will have access to the records. If you want to restrict record access to the users above in the role hierarchy then simply un-check the Grant Access Using Hierarchies check box.
Note: You can un-check the Grant Access Using Hierarchies check box for only custom objects.
In this way, you can secure data using Organization wide sharing Default(OWD). As OWD is organization-wide it restricts data access to all the users in the Org. There may be some situations where OWD can’t meet your business requirement. Salesforce provides Role hierarchies and Sharing Rules which, dominates the OWD and allows you to restrict access to specific users.
How we can help
Our team can help you customize and integrated Salesforce as per your business process. Read about our Salesforce Integration Services. Reach out to us for a free assessment of your business needs.