You configure OWD in one place, Sharing Settings, and edit it per object. Decide each object's level from data sensitivity first, then set it. Plan tightening changes around a sandbox test, because they trigger a background recalculation.
- Open Sharing Settings
From Setup, type Sharing Settings in the Quick Find box and select it. The page lists every object with its current internal and external default side by side.
- Edit the Organization-Wide Defaults area
Click Edit in the Organization-Wide Defaults section. Each object row shows a Default Internal Access dropdown and, where external sharing is enabled, a Default External Access dropdown.
- Set each object's access level
Choose the level per object based on sensitivity. Set external access equal to or tighter than internal; Salesforce recommends external Private unless the business needs more. Private cannot be looser than the matching external value.
- Decide Grant Access Using Hierarchies
For custom objects, leave the Grant Access Using Hierarchies box checked unless a compliance case requires managers not to inherit subordinate records. Standard objects keep it on and the box is locked.
- Save and wait for recalculation
Click Save. Loosening applies at once; tightening runs a background sharing recalculation and you get an email when it finishes. Verify access with a few representative users afterward.
The baseline access internal users have to records they do not own, per object. Options range from Private through Public Read/Write/Transfer depending on the object.
The baseline for external authenticated users (Experience Cloud and portal logins). Must be the same as or more restrictive than the internal default. Recommended Private.
Per-object checkbox that rolls record access up the role hierarchy to managers. Always on for standard objects; optional for custom objects.
An access level for detail objects that inherits the user's access from the parent record, keeping child visibility in lockstep with the parent.
- Tightening OWD does not take effect until the background sharing recalculation completes; loosening applies immediately.
- You cannot change a custom object from Private to Public while Apex code references its sharing entries.
- Guest user OWD is Private for all objects and cannot be edited; use guest user sharing rules for public site access instead.
- Once the external sharing model is enabled in an org, it cannot be disabled, so plan before turning it on.