Skip to main content
Security

Organization-Wide Defaults (OWD)

Organization-Wide Defaults define the baseline record access level for each object, establishing the most restrictive sharing setting before other mechanisms open access.

Term Context

Category

Security

7 terms in this category

Related Terms

4

connected concepts

Glossary

66

total definitions

Organization-Wide Defaults (OWD) Explained

OWD is the foundation of Salesforce's record-level security model. For each object, admins set the default external and internal access to one of four levels: Private (only the record owner and users above them in the role hierarchy can see the record), Public Read Only (all users can view but not edit), Public Read/Write (all users can view and edit), and Controlled by Parent (access is inherited from the parent object in a master-detail relationship). These defaults apply before role hierarchy, sharing rules, teams, and manual sharing are evaluated.

Choosing the correct OWD requires balancing security with usability. Setting Opportunity to Private is common in organizations with competitive sales teams, while Account is often Public Read Only so service reps can view customer context. Changing OWD on large objects triggers a sharing recalculation that can take hours, so it should be planned carefully. Clientell AI can model different OWD configurations and predict their impact on user access patterns before you commit to a change.

Related Salesforce Terms

4 terms

Sharing Rule

Security

A Sharing Rule in Salesforce automatically extends record access to specific groups of users beyond what Organization-Wide Defaults and the role hierarchy provide.

Role Hierarchy

Administration

The Role Hierarchy in Salesforce controls record-level visibility by granting users access to records owned by anyone below them in the hierarchy tree.

Field-Level Security (FLS)

Security

Field-Level Security controls which users can see and edit specific fields on Salesforce objects, enforced at the profile and permission set level.

Profile

Administration

A Profile in Salesforce defines the baseline set of permissions, page layout assignments, and system settings that apply to every user assigned to it.

Learn More

Permission ManagementAI Salesforce Admin

More in Security

View all →

Field-Level Security (FLS)

Field-Level Security controls which users can see and edit specific fields on Salesforce objects, enforced at the profile and permission set level.

Sharing Rule

A Sharing Rule in Salesforce automatically extends record access to specific groups of users beyond what Organization-Wide Defaults and the role hierarchy provide.

Shield Platform Encryption

Shield Platform Encryption encrypts sensitive data at rest in Salesforce using tenant-specific encryption keys, protecting it beyond standard database-level encryption.

Connected App

A Connected App is a configuration framework that enables an external application to integrate with Salesforce using OAuth 2.0, SAML, or other standard protocols.

Getting Started

Ready to transform your Salesforce?

Join hundreds of teams using Clientell AI to automate workflows and boost productivity.

Start free trialTalk to Sales

Unlimited messages  ·  No credit card required

SOC 2
HIPAA
GDPR
Salesforce Partner