Organization Wide Defaults (OWD)

Organization Wide Defaults (OWD) are the foundation of Salesforce record-level security. OWD determines the baseline level of access that users have to records they do not own. Before Salesforce evaluates Role Hierarchy, Sharing Rules, Teams, or Manual Sharing, it first checks the Organization Wide Defaults settings.

In Salesforce, data security follows a layered approach. OWD defines the most restrictive access level, and then additional sharing mechanisms can be used to open access where necessary. Understanding OWD is critical because every record-sharing strategy in Salesforce begins with Organization Wide Defaults.

For Salesforce Administrators, Developers, Consultants, and Architects, OWD is one of the most important concepts in Salesforce Security and User Management.

What are Organization Wide Defaults (OWD)?

Organization Wide Defaults (OWD) are Salesforce settings that determine the default access users have to records they do not own.

In simple terms:

OWD answers the question:

“What access should users have to records owned by other users?”

Examples:

• Can users view other records?
• Can users edit other records?
• Can users only access their own records?

OWD establishes the baseline security model.

Why OWD is Important?

Organizations often need to protect sensitive data.

Examples:

• Sales Opportunities
• Employee Records
• Financial Information
• Student Records
• Customer Cases

Without OWD:

• Data could be exposed unnecessarily.
• Security becomes difficult to manage.
• Compliance requirements may be violated.

OWD ensures a secure foundation for record access.

OWD in the Salesforce Security Model

Salesforce Security consists of multiple layers.

Organization-Level Security

Controls login access.

Object-Level Security

Controls object permissions.

Field-Level Security

Controls field visibility.

Record-Level Security

Controls record access.

OWD belongs to:

Record-Level Security

It determines the baseline access for records.

How OWD Works

Salesforce evaluates record access using the following process:

Step 1

Check OWD settings.

Step 2

Apply Role Hierarchy.

Step 3

Apply Sharing Rules.

Step 4

Apply Teams.

Step 5

Apply Manual Sharing.

This layered approach provides flexible and secure access control.

Example of OWD

Consider:

User A

Owns Opportunity A

User B

Owns Opportunity B

OWD Setting:

Private

Result:

• User A sees Opportunity A.
• User B sees Opportunity B.
• Neither user can see the other’s opportunity.

This is the most restrictive setting.

Types of OWD Access Levels

Salesforce provides several OWD access options.

Private

Public Read Only

Public Read/Write

Controlled by Parent

Each option serves different business requirements.

Private Access

What is Private?

Private is the most restrictive OWD setting.

Users can:

• Access their own records.

Users cannot:

• View records owned by others.
• Edit records owned by others.

Example:

Sales Representative A cannot access opportunities owned by Sales Representative B.

Benefits

• Maximum security
• Strong data protection
• Compliance support

Private is commonly used for sensitive business data.

Public Read Only

What is Public Read Only?

Users can:

• View all records.

Users cannot:

• Edit records owned by others.

Example:

All sales representatives can view opportunities.

Only owners can modify them.

Benefits

• Improved visibility
• Controlled editing
• Better collaboration

Public Read Only is frequently used in collaborative environments.

Public Read/Write

What is Public Read/Write?

Users can:

• View all records.
• Edit all records.

Example:

All project team members can manage project records.

Benefits

• Maximum collaboration
• Simplified access management

Risks

• Reduced security
• Increased risk of accidental changes

Administrators should use this setting carefully.

Controlled by Parent

What is Controlled by Parent?

Child record access is inherited from the parent record.

Example:

Account

Parent Object

Contact

Child Object

If a user can access the Account:

They automatically gain access to related Contacts.

Benefits

• Simplified security management
• Consistent record access

Controlled by Parent is common in parent-child relationships.

Viewing OWD Settings

Step 1

Navigate to:

Setup

Step 2

Search:

Sharing Settings

Step 3

Open:

Sharing Settings

Step 4

Locate:

Organization-Wide Defaults

Administrators can review all OWD configurations.

Configuring OWD

Step 1

Open Sharing Settings.

Step 2

Click:

Edit

Step 3

Select access levels for objects.

Examples:

• Account
• Contact
• Opportunity
• Case
• Custom Objects

Step 4

Save.

Salesforce recalculates sharing access automatically.

OWD for Standard Objects

Examples of Standard Objects:

Account

Contact

Lead

Opportunity

Case

Each object can have different OWD settings based on business requirements.

OWD for Custom Objects

Custom Objects also support OWD.

Example:

Student__c

Course__c

Enrollment__c

Administrators define access independently for each custom object.

This provides flexibility.

OWD and Role Hierarchy

Role Hierarchy expands access beyond OWD.

Example:

OWD:

Private

Role Structure:

Sales Manager

↓

Sales Representative

Result:

Manager can access subordinate records.

Role Hierarchy supplements OWD.

OWD and Sharing Rules

Sharing Rules further expand access.

Example:

OWD:

Private

Sharing Rule:

Share opportunities with Regional Sales Team.

Result:

Additional users gain access.

Sharing Rules help balance security and collaboration.

OWD and Teams

Salesforce supports:

Account Teams

Opportunity Teams

Case Teams

Teams provide additional access beyond OWD settings.

This supports collaborative business processes.

OWD and Manual Sharing

Users can manually share records when permitted.

Example:

Opportunity Owner shares a record with a colleague.

This access is granted regardless of restrictive OWD settings.

Manual Sharing provides flexibility.

OWD and Record Ownership

Record ownership plays a major role.

Record Owners always have access to their records.

OWD primarily affects:

Non-Owners

This distinction is important.

Common OWD Configurations

Sales Organizations

Opportunities:

Private

Customer Support

Cases:

Public Read Only

Human Resources

Employee Records:

Private

Educational Institutions

Student Records:

Private

These configurations are commonly used.

OWD Best Practices

Start with Private Access

Apply least privilege principles.

Open Access Gradually

Use Sharing Rules and Roles as needed.

Protect Sensitive Data

Use restrictive settings where appropriate.

Review Security Regularly

Conduct periodic audits.

Document OWD Decisions

Support governance and compliance.

Test User Visibility

Verify access before deployment.

These practices improve security and maintainability.

OWD vs Profiles

OWD and Profiles serve different security functions.

OWD vs Role Hierarchy

Role Hierarchy builds upon OWD.

OWD vs Sharing Rules

Sharing Rules complement OWD settings.

Common Challenges

Excessive Visibility

OWD too open.

Restricted Collaboration

OWD too restrictive.

Complex Sharing Structures

Difficult to maintain.

Compliance Requirements

Require strict access controls.

Administrators must balance security and usability.

Real-World Example

A software training company manages student records.

OWD:

Private

Result:

Student Counselors only access their own students.

Role Hierarchy:

Training Managers gain access to counselor records.

Sharing Rules:

Finance Team receives access to payment information.

This layered model provides both security and collaboration.

Why Organization Wide Defaults Matter for Salesforce Professionals

Understanding OWD helps professionals:

• Build secure Salesforce environments
• Protect sensitive data
• Design record-sharing strategies
• Meet compliance requirements
• Prepare for Salesforce certifications

OWD is the foundation of Salesforce record-level security.

Summary

Organization Wide Defaults (OWD) define the baseline level of record access in Salesforce. As the foundation of record-level security, OWD determines what users can access when they do not own a record. By using settings such as Private, Public Read Only, Public Read/Write, and Controlled by Parent, administrators establish secure data-sharing policies that can later be expanded through Role Hierarchy, Sharing Rules, Teams, and Manual Sharing. Mastering OWD is essential for building secure and scalable Salesforce security models.

Frequently Asked Questions (FAQs)

What are Organization Wide Defaults (OWD) in Salesforce?

OWD are settings that determine the default access users have to records they do not own.

What is the most secure OWD setting?

Private is the most restrictive and secure OWD setting.

Does OWD control object permissions?

No. Object permissions are controlled through Profiles and Permission Sets.

What does Controlled by Parent mean?

Child records inherit access from their parent records.

Can OWD be overridden?

Yes. Role Hierarchy, Sharing Rules, Teams, and Manual Sharing can provide additional access.

Why is OWD important?

OWD provides the foundation of Salesforce record-level security.

Internal Resources

Looking to learn more technologies and programming skills?

Click here for more free courses.