Organization-Wide Defaults (OWD) Explained
OWD is the foundation of Salesforce's record-level security model. For each object, admins set the default external and internal access to one of four levels: Private (only the record owner and users above them in the role hierarchy can see the record), Public Read Only (all users can view but not edit), Public Read/Write (all users can view and edit), and Controlled by Parent (access is inherited from the parent object in a master-detail relationship). These defaults apply before role hierarchy, sharing rules, teams, and manual sharing are evaluated.
Choosing the correct OWD requires balancing security with usability. Setting Opportunity to Private is common in organizations with competitive sales teams, while Account is often Public Read Only so service reps can view customer context. Changing OWD on large objects triggers a sharing recalculation that can take hours, so it should be planned carefully. Clientell AI can model different OWD configurations and predict their impact on user access patterns before you commit to a change.
Related Salesforce Terms
Sharing Rule
A Sharing Rule in Salesforce automatically extends record access to specific groups of users beyond what Organization-Wide Defaults and the role hierarchy provide.
Role Hierarchy
The Role Hierarchy in Salesforce controls record-level visibility by granting users access to records owned by anyone below them in the hierarchy tree.
Field-Level Security (FLS)
Field-Level Security controls which users can see and edit specific fields on Salesforce objects, enforced at the profile and permission set level.
Profile
A Profile in Salesforce defines the baseline set of permissions, page layout assignments, and system settings that apply to every user assigned to it.